Bitnami package
memcached
pkg:bitnami/memcached
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-47784 | High | 8.1 | | < 1.6.42 | 1.6.42 | May 20, 2026 | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. |
| CVE-2026-47783 | High | 8.1 | | < 1.6.42 | 1.6.42 | May 20, 2026 | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. |
| CVE-2023-46853 | — | | | < 1.6.22 | 1.6.22 | Oct 27, 2023 | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. |
| CVE-2023-46852 | — | | | < 1.6.22 | 1.6.22 | Oct 27, 2023 | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. |
| CVE-2022-48571 | — | | | < 1.6.8 | 1.6.8 | Aug 22, 2023 | memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. |
| CVE-2020-22570 | — | | | >= 1.6.0, < 1.6.3 | 1.6.3 | Aug 22, 2023 | Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. |
| CVE-2023-27478 | — | | | >= 1.0.18, < 1.1.4 | 1.1.4 | Mar 7, 2023 | libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users a |
| CVE-2021-37519 | — | | | < 1.6.10 | 1.6.10 | Feb 3, 2023 | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. |
| CVE-2020-10931 | — | | | >= 1.6.0, < 1.6.2 | 1.6.2 | Mar 24, 2020 | Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. |