{"id":"CVE-2023-46852","details":"In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring.","aliases":["BIT-memcached-2023-46852"],"modified":"2026-03-14T12:15:50.103859Z","published":"2023-10-27T20:15:09.133Z","related":["openSUSE-SU-2024:13427-1"],"references":[{"type":"ADVISORY","url":"https://github.com/memcached/memcached/compare/1.6.21...1.6.22"},{"type":"FIX","url":"https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/memcached/memcached","events":[{"introduced":"0"},{"fixed":"9723c0ea8ec1237b8364410ba982af8ea020a2b6"},{"fixed":"76a6c363c18cfe7b6a1524ae64202ac9db330767"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.22"}]}}],"versions":["1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.3.2","1.3.3","1.4-rc1","1.4.0","1.4.0-rc1","1.4.1","1.4.1-rc1","1.4.10","1.4.11","1.4.11-beta1","1.4.11-rc1","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.17","1.4.18","1.4.19","1.4.2","1.4.2-rc1","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.4.26","1.4.27","1.4.28","1.4.29","1.4.3","1.4.3-rc1","1.4.3-rc2","1.4.30","1.4.31","1.4.32","1.4.33","1.4.34","1.4.35","1.4.36","1.4.37","1.4.38","1.4.39","1.4.4","1.4.5","1.4.6","1.4.6-rc1","1.4.7","1.4.7-rc1","1.4.8","1.4.8-rc1","1.4.9","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.15","1.5.16","1.5.17","1.5.18","1.5.19","1.5.2","1.5.20","1.5.21","1.5.22","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.6.14","1.6.15","1.6.16","1.6.17","1.6.18","1.6.19","1.6.2","1.6.20","1.6.21","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["290363028060853763685164354174153813499","297786750967188533334231301939439262811","14145816961333890689558680249334095297","242698490776631290366092703249317746578","67593870491469088987964804417848307262","33085897709882427857906605733410557145","276702416635199297583414324200080514847","131271685313293151317266976221074347743","209290748752889118690141015760345679183"]},"source":"https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767","id":"CVE-2023-46852-2187b18a","signature_type":"Line","signature_version":"v1","target":{"file":"proto_proxy.c"},"deprecated":false},{"digest":{"length":3993,"function_hash":"201377387536002021182974411310198141244"},"source":"https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767","id":"CVE-2023-46852-d5af8d07","signature_type":"Function","signature_version":"v1","target":{"file":"proto_proxy.c","function":"proxy_process_command"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46852.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}