CVEFinder.io

CVE-2023-46852

⚠️ high
Summary

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

CVSS Score: 7.5 (High)
EPSS Score (Exploit Probability): 0.1
Published Date: 2023-10-27
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Sep 9, 2024)
Exploitation Status: None (No known exploits)
Automatable: YES (Can be exploited automatically)
Technical Impact: Partial (Limited system impact)
SSVC data provided by CISA
Last Modified: 2024-11-21
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-47783 | ⚠️ high | 8.1 | 0.1 | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a ... | 2026-05-20 |
| CVE-2026-47784 | ⚠️ high | 8.1 | 0.1 | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because me... | 2026-05-20 |
| CVE-2023-46853 | ⛔ critical | 9.8 | 0.2 | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used inste... | 2023-10-27 |
| CVE-2020-22570 | ⚠️ high | 7.5 | 2.1 | Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta comm... | 2023-08-22 |
| CVE-2022-48571 | ⚠️ high | 7.5 | 0.1 | memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. | 2023-08-22 |
| CVE-2021-37519 | 🔶 medium | 5.5 | 0.0 | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted au... | 2023-02-03 |
These CVEs affect the same products