CVE-2023-27478
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-27478
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27478.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-27478
- Aliases
-
- BIT-libmemcached-2023-27478
- BIT-memcached-2023-27478
- GHSA-wwmh-39wj-fx59
- Downstream
- Published
- 2023-03-07T17:55:39Z
- Modified
- 2025-11-04T20:11:13.355532Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Disclosure of unrelated data in libmemcached-awesome
- Details
-
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server.
libmemcachedcould return data for a previously requested key, if that previous request timed out due to a lowPOLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably highPOLL_TIMEOUTsetting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. - Database specific
{ "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Git / github.com/awesomized/libmemcached
Affected ranges
- Type
- GIT
- Repo
- https://github.com/awesomized/libmemcached
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.10
0.11
0.13
0.14
0.15
0.2
0.20
0.21
0.22
0.23
0.25
0.26
0.27
0.28
0.29
0.29-2
0.3
0.30
0.31
0.32
0.34
0.35
0.37
0.4
0.40
0.41
0.44
0.5
0.51
0.52
0.53
0.7
0.8
Other
0_7
_11
_20
_23
post_cmake
pre_cmake
1.*
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.0-beta1
1.1.0-beta2
1.1.0-beta3
1.1.1
1.1.2
1.1.3