Skip to main content

Memcached

17 CVEs product

Monthly

CVE-2026-47783 HIGH PATCH This Week

Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL authentication usernames by measuring response time differences. The vulnerable sasl_server_userdb_checkpass function exits its credential-file loop early upon matching a valid username, producing measurable timing variance between known and unknown accounts. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Memcached
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-46853 CRITICAL PATCH Act Now

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Memcached
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46852 HIGH PATCH This Week

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Memcached
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-26635 CRITICAL POC THREAT Act Now

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Memcached
NVD GitHub
CVSS 3.1
9.8
EPSS
21.4%
CVE-2020-10931 HIGH POC PATCH THREAT This Week

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD GitHub
CVSS 3.1
7.5
EPSS
28.1%
CVE-2019-15026 HIGH PATCH This Week

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-11596 HIGH POC PATCH This Week

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Memcached Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-1000127 HIGH PATCH This Week

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Memcached Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-1000115 HIGH POC PATCH THREAT This Week

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memcached Ubuntu Linux Debian Linux Openstack
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
88.4%
CVE-2017-9951 HIGH POC This Week

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-8706 HIGH POC THREAT Act Now

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 51.8%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
8.1
EPSS
51.8%
Threat
4.7
CVE-2016-8705 CRITICAL POC THREAT Emergency

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
9.8
EPSS
12.6%
CVE-2016-8704 CRITICAL POC THREAT Emergency

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
9.8
EPSS
14.3%
CVE-2013-7291 LOW POC PATCH Monitor

memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an. Rated low severity (CVSS 1.8). Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD
CVSS 2.0
1.8
EPSS
0.2%
CVE-2013-7290 LOW POC PATCH Monitor

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a. Rated low severity (CVSS 1.8). Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD
CVSS 2.0
1.8
EPSS
0.2%
CVE-2013-7239 MEDIUM PATCH This Month

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Memcached
NVD
CVSS 2.0
4.8
EPSS
0.3%
CVE-2013-0179 LOW POC Monitor

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation. Rated low severity (CVSS 1.8). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memcached
NVD
CVSS 2.0
1.8
EPSS
1.3%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL authentication usernames by measuring response time differences. The vulnerable sasl_server_userdb_checkpass function exits its credential-file loop early upon matching a valid username, producing measurable timing variance between known and unknown accounts. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Memcached
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Memcached
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Memcached
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Memcached
NVD GitHub
EPSS 28% CVSS 7.5
HIGH POC PATCH THREAT This Week

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Memcached
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Memcached +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Memcached +3
NVD GitHub
EPSS 88% CVSS 7.5
HIGH POC PATCH THREAT This Week

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memcached Ubuntu Linux +2
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memcached
NVD GitHub
EPSS 52% 4.7 CVSS 8.1
HIGH POC THREAT Act Now

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 51.8%.

Integer Overflow RCE Memcached
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Integer Overflow RCE Memcached
NVD
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Emergency

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

Integer Overflow RCE Memcached
NVD
EPSS 0% CVSS 1.8
LOW POC PATCH Monitor

memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an. Rated low severity (CVSS 1.8). Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD
EPSS 0% CVSS 1.8
LOW POC PATCH Monitor

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a. Rated low severity (CVSS 1.8). Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Memcached
NVD
EPSS 1% CVSS 1.8
LOW POC Monitor

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation. Rated low severity (CVSS 1.8). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memcached
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy