CVE-2022-26635 - Vulnerability Details

Vendors	Products
Php	Memcached

Link	Providers
https://github.com/php-memcached-dev/php-memcached/issues/519
https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-26635", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T05:11:43.291Z", "dateReserved": "2022-03-07T00:00:00", "datePublished": "2022-04-05T17:00:33"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-21T21:42:56.985191"}, "descriptions": [{"lang": "en", "value": "PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/"}, {"url": "https://github.com/php-memcached-dev/php-memcached/issues/519"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-26635", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T20:24:33.376652Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:16:16.462Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:11:43.291Z"}, "title": "CVE Program Container", "references": [{"url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/", "tags": ["x_transferred"]}, {"url": "https://github.com/php-memcached-dev/php-memcached/issues/519", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-26635 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-08-03T05:11:43.291Z (string)

dateReserved : 2022-03-07T00:00:00 (string)

datePublished : 2022-04-05T17:00:33 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2024-05-21T21:42:56.985191 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. (string)

}

]

tags : [ »

0 : disputed (string)

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

}

1 : { »

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-26635 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-22T20:24:33.376652Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:16:16.462Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:11:43.291Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/", "tags": ["x_transferred"]}, {"url": "https://github.com/php-memcached-dev/php-memcached/issues/519", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:11:43.291Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-26635", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T20:24:33.376652Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T20:24:44.427Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/"}, {"url": "https://github.com/php-memcached-dev/php-memcached/issues/519"}], "descriptions": [{"lang": "en", "value": "PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-21T21:42:56.985191"}}}, "cveMetadata": {"cveId": "CVE-2022-26635", "state": "PUBLISHED", "dateUpdated": "2024-08-03T05:11:43.291Z", "dateReserved": "2022-03-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-04-05T17:00:33", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:11:43.291Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-26635 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-22T20:24:33.376652Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-22T20:24:44.427Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

tags : [ »

0 : disputed (string)

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

}

1 : { »

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2024-05-21T21:42:56.985191 (string)

}

cveMetadata : { »

cveId : CVE-2022-26635 (string)

state : PUBLISHED (string)

dateUpdated : 2024-08-03T05:11:43.291Z (string)

dateReserved : 2022-03-07T00:00:00 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2022-04-05T17:00:33 (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D7D6743-F537-4AE2-8D15-4A56975BCDDE", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly."}, {"lang": "es", "value": "PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminaci\u00f3n NULL inapropiada que permite a atacantes ejecutar una inyecci\u00f3n CLRF"}], "id": "CVE-2022-26635", "lastModified": "2024-11-21T06:54:13.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-05T17:15:08.477", "references": [{"source": "cve@mitre.org", "url": "https://github.com/php-memcached-dev/php-memcached/issues/519"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/php-memcached-dev/php-memcached/issues/519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:php:memcached:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D7D6743-F537-4AE2-8D15-4A56975BCDDE (string)

versionEndIncluding : 2.2.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ »

0 : { »

sourceIdentifier : cve@mitre.org (string)

tags : [ »

0 : disputed (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. (string)

}

1 : { »

lang : es (string)

value : PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminación NULL inapropiada que permite a atacantes ejecutar una inyección CLRF (string)

}

]

id : CVE-2022-26635 (string)

lastModified : 2024-11-21T06:54:13.803 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-04-05T17:15:08.477 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://github.com/php-memcached-dev/php-memcached/issues/519 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object