Bug 2246951 (CVE-2023-46853) - CVE-2023-46853 memcached: off-by-one error when processing proxy requests in proxy mode
Summary: CVE-2023-46853 memcached: off-by-one error when processing proxy requests in ...
Keywords:
Status: NEW
Alias: CVE-2023-46853
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2250788
Blocks: 2246952
TreeView+ depends on / blocked
 
Reported: 2023-10-30 08:56 UTC by Avinash Hanwate
Modified: 2023-11-21 16:38 UTC (History)
0 users

Fixed In Version: Memcached 1.6.22
Doc Type: If docs needed, set a value
Doc Text:
An off-by-one error was found in Memcached. This issue occurs when processing proxy requests in proxy mode if \n is used instead of \r\n.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Avinash Hanwate 2023-10-30 08:56:18 UTC
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

https://github.com/memcached/memcached/compare/1.6.21...1.6.22
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa

Comment 2 Sandipan Roy 2023-11-21 06:45:40 UTC
Created memcached tracking bugs for this issue:

Affects: fedora-all [bug 2250788]


Note You need to log in before you can comment on or make changes to this bug.