Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Mar 2018 11:09:50 +0100
From: Tomas Hoger <>
To: Kurt Seifried <>
Subject: Re: memcached UDP amplification attacks

On Fri, 2 Mar 2018 21:42:30 -0700 Kurt Seifried wrote:

> I have assigned CVE-2018-1000115 to this issue:
> Memcached version 1.5.5 contains an Insufficient Control of Network
> Message Volume (Network Amplification, CWE-406) vulnerability in the
> UDP support of the memcached server that can result in denial of
> service via network flood (traffic amplification of 1:50,000 has been
> reported by reliable sources). This attack appear to be exploitable
> via network connectivity to port 11211 UDP. This vulnerability
> appears to have been fixed in 1.5.6 due to the disabling of the UDP
> protocol by default.

Minor nitpick, the description mentions 1:50,000 ratio, apparently
based on the information in the following reference:


where it's mentioned as:

Worse, memcached can have an amplification factor of over 50,000,
meaning a 203 byte request results in a 100 megabyte response.

However, 200 * 50k = 10m, not 100m.  Wonder if I'm doing my math wrong.

Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ