{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48571", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T15:17:55.164Z", "dateReserved": "2023-07-24T00:00:00", "datePublished": "2023-08-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-08T00:06:17.590301"}, "descriptions": [{"lang": "en", "value": "memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966"}, {"name": "[debian-lts-announce] 20230907 [SECURITY] [DLA 3557-1] memcached security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00004.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.164Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230907 [SECURITY] [DLA 3557-1] memcached security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00004.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "009882B6-13BA-490C-8A7D-F293C3B50D4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP."}], "id": "CVE-2022-48571", "lastModified": "2023-09-08T01:15:07.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-22T19:16:32.233", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00004.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "memcached: Denial of Service via multi-packet uploads in UDP", "id": "2235661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235661"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-400", "details": ["memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.", "A buffer overflow flaw was found in memcached. This issue occurs via multi-packet uploads in UDP, leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48571", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48571\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48571\nhttps://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966"], "statement": "Red Hat Enterprise Linux 7, 8 & 9 are not vulnerable as the issue is already fixed in memcached 1.6.8 and memcached 1.6.9.", "threat_severity": "Moderate", "upstream_fix": "memcached 1.6.8"}