{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46852", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-09T15:36:33.049Z", "dateReserved": "2023-10-27T00:00:00", "datePublished": "2023-10-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-27T19:06:29.939826"}, "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767"}, {"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.955Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767", "tags": ["x_transferred"]}, {"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "memcached", "product": "memcached", "cpes": ["cpe:2.3:a:memcached:memcached:1.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.6.22", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T15:34:10.637588Z", "id": "CVE-2023-46852", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:36:33.049Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767", "tags": ["x_transferred"]}, {"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.955Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T15:34:10.637588Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:memcached:memcached:1.6.2:*:*:*:*:*:*:*"], "vendor": "memcached", "product": "memcached", "versions": [{"status": "affected", "version": "0", "lessThan": "1.6.22", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:36:25.825Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767"}, {"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}], "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-27T19:06:29.939826"}}}, "cveMetadata": {"cveId": "CVE-2023-46852", "state": "PUBLISHED", "dateUpdated": "2024-09-09T15:36:33.049Z", "dateReserved": "2023-10-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-10-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEB5B313-3710-4308-933A-764A76E8D77A", "versionEndExcluding": "1.6.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring."}, {"lang": "es", "value": "En Memcached anterior a 1.6.22, existe un desbordamiento del b\u00fafer al procesar solicitudes de obtenci\u00f3n m\u00faltiple en modo proxy, si hay muchos espacios despu\u00e9s de la subcadena \"get\"."}], "id": "CVE-2023-46852", "lastModified": "2024-11-21T08:29:25.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T20:15:09.133", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "memcached: buffer overflow when processing multiget requests in proxy mode", "id": "2246948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246948"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring.", "A buffer overflow flaw was found in Memcached when processing multiget requests in proxy mode. This issue occurs when there are many spaces after the \"get\" substring."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-46852", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-10-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-46852\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46852"], "statement": "Proxy mode in memcached was introduced in 1.6.13, so Red Hat Enterprise Linux is not affected by this CVE.", "threat_severity": "Important", "upstream_fix": "Memcached 1.6.22"}