CVE-2023-27478
- Source
- https://cve.org/CVERecord?id=CVE-2023-27478
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27478.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-27478
- Aliases
-
- BIT-libmemcached-2023-27478
- BIT-memcached-2023-27478
- GHSA-wwmh-39wj-fx59
- Downstream
- Published
- 2023-03-07T17:55:39.172Z
- Modified
- 2026-03-14T11:59:54.430078Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Disclosure of unrelated data in libmemcached-awesome
- Details
-
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server.
libmemcachedcould return data for a previously requested key, if that previous request timed out due to a lowPOLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably highPOLL_TIMEOUTsetting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27478.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-200" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27478.json
- https://github.com/awesomized/libmemcached/commit/48dcc61a
- https://github.com/awesomized/libmemcached/releases/tag/1.1.4
- https://github.com/awesomized/libmemcached/security/advisories/GHSA-wwmh-39wj-fx59
- https://github.com/php-memcached-dev/php-memcached/issues/531
- https://nvd.nist.gov/vuln/detail/CVE-2023-27478