2246951 – (CVE-2023-46853) CVE-2023-46853 memcached: off-by-one error when processing proxy requests in proxy mode

Bug 2246951 (CVE-2023-46853) - CVE-2023-46853 memcached: off-by-one error when processing proxy requests in proxy mode

Summary: CVE-2023-46853 memcached: off-by-one error when processing proxy requests in ...

Keywords:
Status:	NEW
Alias:	CVE-2023-46853
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250788
Blocks:	2246952
TreeView+	depends on / blocked

Reported:	2023-10-30 08:56 UTC by Avinash Hanwate
Modified:	2023-11-21 16:38 UTC (History)
CC List:	0 users
Fixed In Version:	Memcached 1.6.22
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2023-10-30 08:56:18 UTC

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

https://github.com/memcached/memcached/compare/1.6.21...1.6.22
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa

Comment 2 Sandipan Roy 2023-11-21 06:45:40 UTC

Created memcached tracking bugs for this issue:

Affects: fedora-all [bug 2250788]

Note You need to log in before you can comment on or make changes to this bug.