Vulnerabilities > Memcached

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46852 Classic Buffer Overflow vulnerability in Memcached
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
network
low complexity
memcached CWE-120
7.5
2023-10-27 CVE-2023-46853 Off-by-one Error vulnerability in Memcached
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.
network
low complexity
memcached CWE-193
critical
9.8
2023-08-22 CVE-2020-22570 Command Injection vulnerability in Memcached 1.6.0/1.6.1/1.6.2
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
network
low complexity
memcached CWE-77
7.5
2023-08-22 CVE-2022-48571 Resource Exhaustion vulnerability in Memcached 1.6.7
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
network
low complexity
memcached CWE-400
7.5
2023-02-03 CVE-2021-37519 Out-of-bounds Write vulnerability in Memcached 1.6.9
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
local
low complexity
memcached CWE-787
5.5
2020-03-24 CVE-2020-10931 Classic Buffer Overflow vulnerability in Memcached 1.6.0/1.6.1
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
network
low complexity
memcached CWE-120
5.0
2019-08-30 CVE-2019-15026 Out-of-bounds Read vulnerability in Memcached 1.5.16
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
network
low complexity
memcached CWE-125
7.5
2019-04-29 CVE-2019-11596 NULL Pointer Dereference vulnerability in multiple products
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands.
network
low complexity
memcached canonical CWE-476
7.5
2018-03-13 CVE-2018-1000127 Improper Locking vulnerability in multiple products
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list.
network
low complexity
memcached debian canonical redhat CWE-667
5.0
2018-03-05 CVE-2018-1000115 Resource Exhaustion vulnerability in multiple products
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources).
network
low complexity
memcached canonical debian redhat CWE-400
5.0