Memcached: >> Memcached >> 1.5.0 Security Vulnerabilities
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-05-20
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-05-20
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-27
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-27
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
CVSS Score
7.5
EPSS Score
0.016
Published
2019-04-29