VYPR

Bitnami package

memcached

pkg:bitnami/memcached

Vulnerabilities (9)

  • CVE-2026-47784HigMay 20, 2026
    affected < 1.6.42fixed 1.6.42

    In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

  • CVE-2026-47783HigMay 20, 2026
    affected < 1.6.42fixed 1.6.42

    In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

  • CVE-2023-46853Oct 27, 2023
    affected < 1.6.22fixed 1.6.22

    In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

  • CVE-2023-46852Oct 27, 2023
    affected < 1.6.22fixed 1.6.22

    In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

  • CVE-2022-48571Aug 22, 2023
    affected < 1.6.8fixed 1.6.8

    memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

  • CVE-2020-22570Aug 22, 2023
    affected >= 1.6.0, < 1.6.3fixed 1.6.3

    Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.

  • CVE-2023-27478Mar 7, 2023
    affected >= 1.0.18, < 1.1.4fixed 1.1.4

    libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users a

  • CVE-2021-37519Feb 3, 2023
    affected < 1.6.10fixed 1.6.10

    Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.

  • CVE-2020-10931Mar 24, 2020
    affected >= 1.6.0, < 1.6.2fixed 1.6.2

    Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.