CVE-2022-26635

Name
CVE-2022-26635
Description
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
cve@mitre.org https://github.com/php-memcached-dev/php-memcached/issues/519

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
memcached 3.15-main 1.6.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
memcached 3.14-main 1.6.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
memcached 3.13-main 1.6.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
memcached 3.12-main 1.6.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
memcached 3.16-main 1.6.15-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
memcached 3.17-main 1.6.17-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
memcached 3.18-main 1.6.21-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
memcached 3.19-main 1.6.22-r0 Natanael Copa <ncopa@alpinelinux.org> fixed