memcached is vulnerable to denial of service. The UDP support of the server allows spoofed traffic amplification denial of service. A remote attacker is able to exploit the vulnerability and crash the application via a network flood to UDP port 11211.
access.redhat.com/errata/RHBA-2018:2140
access.redhat.com/errata/RHSA-2018:1593
access.redhat.com/errata/RHSA-2018:1627
access.redhat.com/errata/RHSA-2018:2331
access.redhat.com/errata/RHSA-2018:2857
access.redhat.com/security/cve/CVE-2018-1000115
blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
bugzilla.redhat.com/show_bug.cgi?id=1467649
bugzilla.redhat.com/show_bug.cgi?id=1512489
bugzilla.redhat.com/show_bug.cgi?id=1517268
bugzilla.redhat.com/show_bug.cgi?id=1532610
bugzilla.redhat.com/show_bug.cgi?id=1533948
bugzilla.redhat.com/show_bug.cgi?id=1556958
bugzilla.redhat.com/show_bug.cgi?id=1562405
github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
github.com/memcached/memcached/issues/348
github.com/memcached/memcached/wiki/ReleaseNotes156
twitter.com/dormando/status/968579781729009664
usn.ubuntu.com/3588-1/
www.debian.org/security/2018/dsa-4218
www.exploit-db.com/exploits/44264/
www.exploit-db.com/exploits/44265/
www.synology.com/support/security/Synology_SA_18_07