CVE-2022-26635 #519
Comments
|
This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. |
|
Thank you for the clarification @m6w6 🙏 I have sent MITRE a request to remove php-memcached from this CVE and referenced your response. |
was there any response? |
|
I have not heard back. The owning CNA is MITRE. I'll ask for an update and CC you. |
kraj
pushed a commit
to YoeDistro/meta-openembedded
that referenced
this issue
Dec 19, 2024
Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] php-memcached-dev/php-memcached#519 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]>
daregit
pushed a commit
to daregit/yocto-combined
that referenced
this issue
Dec 21, 2024
Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] php-memcached-dev/php-memcached#519 Signed-off-by: Peter Marko <peter.markosiemens.com> Signed-off-by: Khem Raj <raj.khemgmail.com>
daregit
pushed a commit
to daregit/yocto-combined
that referenced
this issue
Dec 22, 2024
Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] php-memcached-dev/php-memcached#519 Signed-off-by: Peter Marko <peter.markosiemens.com> Signed-off-by: Khem Raj <raj.khemgmail.com>
github-actions bot
pushed a commit
to Boeing/meta-openembedded-contrib
that referenced
this issue
Jan 5, 2025
Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] php-memcached-dev/php-memcached#519 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 889ccce) Signed-off-by: Armin Kuster <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I have a few questions about this CVE.
Will CVE-2022-26635 123 be patched for php-memcached version 2.2.x?
Does this vulnerability impact any 3.x versions?
Might this impact libmemcached?
Thank you 🙏
Footnotes
https://nvd.nist.gov/vuln/detail/CVE-2022-26635 ↩
https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/ ↩
https://github.com/advisories/GHSA-hph6-79wj-qqmw ↩
The text was updated successfully, but these errors were encountered: