{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46853", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-09T15:31:32.160Z", "dateReserved": "2023-10-27T00:00:00", "datePublished": "2023-10-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-27T19:06:45.719960"}, "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}, {"url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.941Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22", "tags": ["x_transferred"]}, {"url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "memcached", "product": "memcached", "cpes": ["cpe:2.3:a:memcached:memcached:1.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.6.22", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T15:29:52.384746Z", "id": "CVE-2023-46853", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:31:32.160Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22", "tags": ["x_transferred"]}, {"url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.941Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46853", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-09T15:29:52.384746Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:memcached:memcached:1.6.2:*:*:*:*:*:*:*"], "vendor": "memcached", "product": "memcached", "versions": [{"status": "affected", "version": "0", "lessThan": "1.6.22", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T15:31:26.451Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}, {"url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa"}], "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-27T19:06:45.719960"}}}, "cveMetadata": {"cveId": "CVE-2023-46853", "state": "PUBLISHED", "dateUpdated": "2024-09-09T15:31:32.160Z", "dateReserved": "2023-10-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-10-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEB5B313-3710-4308-933A-764A76E8D77A", "versionEndExcluding": "1.6.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n."}, {"lang": "es", "value": "En Memcached anterior a 1.6.22, existe un error uno por uno al procesar solicitudes de proxy en modo proxy, si se usa \\n en lugar de \\r\\n."}], "id": "CVE-2023-46853", "lastModified": "2023-11-07T19:04:15.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T20:15:09.177", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "memcached: off-by-one error when processing proxy requests in proxy mode", "id": "2246951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246951"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-193", "details": ["In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n.", "An off-by-one error was found in Memcached. This issue occurs when processing proxy requests in proxy mode if \\n is used instead of \\r\\n."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-46853", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-10-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-46853\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46853"], "statement": "Proxy mode in memcached was introduced in 1.6.13, so Red Hat Enterprise Linux is not affected by this CVE.", "threat_severity": "Important", "upstream_fix": "Memcached 1.6.22"}