Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-27478

Опубликовано: 07 мар. 2023
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high POLL_TIMEOUT setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:awesome:libmemcached:*:*:*:*:*:*:*:*
Версия от 1.0.18 (включая) до 1.1.4 (исключая)

EPSS

Процентиль: 40%
0.00183
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2023-27478

CVSS3: 6.5
ubuntu
почти 3 года назад

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.

redhat логотип

CVE-2023-27478

CVSS3: 6.5
redhat
почти 3 года назад

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.

msrc логотип

CVE-2023-27478

CVSS3: 6.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-27478

CVSS3: 6.5
debian
почти 3 года назад

libmemcached-awesome is an open source C/C++ client library and tools ...

fstec логотип

BDU:2023-01570

CVSS3: 6.5
fstec
почти 3 года назад

Уязвимость сервиса кэширования данных memcached библиотеки libmemcached-awesome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 40%
0.00183
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200