VYPR
Vendor

Memcached

Products
1
CVEs
27
Across products
27
Status
Private

Products

1

Recent CVEs

27
View all 27 CVEs →
  • CVE-2016-8704CriJan 6, 2017
    risk 0.66cvss 9.8epss 0.23

    An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

  • CVE-2016-8705CriJan 6, 2017
    risk 0.65cvss 9.8epss 0.20

    Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

  • CVE-2016-8706HigJan 6, 2017
    risk 0.56cvss 8.1epss 0.46

    An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

  • CVE-2017-9951HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.04

    The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read.…

  • CVE-2026-47784HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

  • CVE-2026-47783HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

  • CVE-2018-1000115HigMar 5, 2018
    risk 0.10cvss 7.5epss 0.89

    Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been…

  • CVE-2011-4971Dec 12, 2013
    risk 0.05cvss epss 0.22

    Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large…

  • CVE-2020-10931Mar 24, 2020
    risk 0.02cvss epss 0.28

    Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.

  • CVE-2022-26635Apr 5, 2022
    risk 0.01cvss epss 0.21

    PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

  • CVE-2009-2415Aug 10, 2009
    risk 0.01cvss epss 0.07

    Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.

  • CVE-2023-46853Oct 27, 2023
    risk 0.00cvss epss 0.01

    In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

  • CVE-2023-46852Oct 27, 2023
    risk 0.00cvss epss 0.01

    In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

  • CVE-2022-48571Aug 22, 2023
    risk 0.00cvss epss 0.01

    memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

  • CVE-2020-22570Aug 22, 2023
    risk 0.00cvss epss 0.01

    Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.

  • CVE-2021-37519Feb 3, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.

  • CVE-2020-35197Dec 17, 2020
    risk 0.00cvss epss 0.02

    The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank…

  • CVE-2019-15026Aug 30, 2019
    risk 0.00cvss epss 0.03

    memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.

  • CVE-2019-11596Apr 29, 2019
    risk 0.00cvss epss 0.03

    In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

  • CVE-2018-1000127HigMar 13, 2018
    risk 0.00cvss 7.5epss 0.02

    memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to…