| Name | CVE-2022-26635 |
| Description | PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Disputed issue, not considered a security issue by upstream:
https://github.com/php-memcached-dev/php-memcached/issues/519#issuecomment-1259303434
https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
https://github.com/php-memcached-dev/php-memcached/issues/519