CVE-2020-22570
📋 TL;DR
This vulnerability in Memcached allows remote attackers to crash the daemon by sending specially crafted meta commands. It affects Memcached servers running versions 1.6.0 through 1.6.2. Any system with Memcached exposed to untrusted networks is vulnerable to denial of service attacks.
💻 Affected Systems
- Memcached
📦 What is this software?
Memcached by Memcached
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for applications relying on Memcached, potentially causing application downtime and cascading failures in dependent systems.
Likely Case
Intermittent service disruption as attackers crash Memcached instances, requiring manual restart and causing temporary application performance degradation.
If Mitigated
Minimal impact if Memcached is properly firewalled and only accessible to trusted internal systems.
🎯 Exploit Status
The GitHub issue contains technical details that could be used to create an exploit. Meta commands are a documented feature of Memcached protocol.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.3 and later
Vendor Advisory: https://github.com/memcached/memcached/issues/636
Restart Required: Yes
Instructions:
1. Download Memcached 1.6.3 or later from official sources.
2. Stop the current Memcached service.
3. Install the updated version.
4. Restart the Memcached service.
5. Verify the new version is running.
🔧 Temporary Workarounds
Network Access Restriction
Restrict Memcached access to trusted IP addresses only using firewall rules (the ACCEPT rule must precede the DROP rule, and trusted_ip is a placeholder for your allowed source address or range):
iptables -A INPUT -p tcp --dport 11211 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 11211 -j DROP
Bind to Local Interface
Configure Memcached to listen only on localhost (127.0.0.1) instead of all interfaces:
memcached -l 127.0.0.1
🧯 If You Can't Patch
- Implement strict network access controls to limit Memcached exposure to only trusted systems
- Monitor Memcached process health and implement automatic restart scripts for crash recovery
🔍 How to Verify
Check if Vulnerable:
Check the Memcached version with memcached -V (prints a line such as "memcached 1.6.2"). If the version is between 1.6.0 and 1.6.2 inclusive, the system is vulnerable.
Check Version:
memcached -V
Verify Fix Applied:
After patching, verify the version is 1.6.3 or higher: memcached -V
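An added helper script, not part of this advisory, that reads the version either from the local binary (memcached -V, which prints "memcached X.Y.Z") or from a running instance via the protocol's standard version command (reply "VERSION X.Y.Z"), and compares it numerically so that 1.6.10 is correctly treated as newer than 1.6.2. Host and port in check_remote are whatever you point it at; the affected range is the one stated above.

```python
"""Check whether a Memcached build falls in the CVE-2020-22570 range (1.6.0-1.6.2)."""
import re
import socket
import subprocess

AFFECTED_MIN = (1, 6, 0)
AFFECTED_MAX = (1, 6, 2)  # inclusive; 1.6.3 and later carry the fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from 'memcached 1.6.2' (output of memcached -V)
    or 'VERSION 1.6.2' (reply to the protocol's version command)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no version number found in: %r" % text)
    # Tuples compare numerically, so (1, 6, 10) > (1, 6, 2); a string compare
    # would get this wrong ("1.6.10" < "1.6.2").
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version lies in the inclusive affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def check_local():
    """Run the installed binary and return (version, affected)."""
    out = subprocess.run(["memcached", "-V"], capture_output=True,
                         text=True, check=True).stdout
    v = parse_version(out)
    return v, is_affected(v)


def check_remote(host, port=11211, timeout=3.0):
    """Ask a running instance for its version with the standard 'version' command."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"version\r\n")
        reply = s.recv(256).decode("ascii", errors="replace")
    v = parse_version(reply)
    return v, is_affected(v)


if __name__ == "__main__":
    version, affected = check_local()
    print("memcached %d.%d.%d: %s" % (*version, "VULNERABLE" if affected else "not affected"))
```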
📡 Detection & Monitoring
Log Indicators:
- Memcached daemon crash/restart logs
- Unexpected termination of memcached process
- Connection attempts followed by service failure
Network Indicators:
- Unusual meta command traffic to port 11211
- Multiple connection attempts to Memcached from single source
SIEM Query:
source="memcached.log" AND ("crash" OR "segmentation fault" OR "terminated")