Vulnerabilities > Memcached > Memcached > 1.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46852 | Classic Buffer Overflow vulnerability in Memcached In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. | 7.5 |
| 2023-10-27 | CVE-2023-46853 | Off-by-one Error vulnerability in Memcached In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. | 9.8 |
| 2019-04-29 | CVE-2019-11596 | NULL Pointer Dereference vulnerability in multiple products In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. | 7.5 |
| 2018-03-13 | CVE-2018-1000127 | Improper Locking vulnerability in multiple products memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. | 5.0 |
| 2017-07-17 | CVE-2017-9951 | Unspecified vulnerability in Memcached The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. | 5.0 |
| 2017-01-06 | CVE-2016-8706 | Integer Overflow or Wraparound vulnerability in Memcached An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 6.8 |
| 2017-01-06 | CVE-2016-8705 | Integer Overflow or Wraparound vulnerability in Memcached Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 7.5 |
| 2017-01-06 | CVE-2016-8704 | Integer Overflow or Wraparound vulnerability in Memcached An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 7.5 |
| 2014-01-13 | CVE-2013-7291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290. | 1.8 |
| 2014-01-13 | CVE-2013-7239 | Improper Authentication vulnerability in Memcached memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | 4.8 |