Vulnerabilities > Memcached > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2021-37519 | Out-of-bounds Write vulnerability in Memcached 1.6.9 Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file. | 5.5 |
2020-03-24 | CVE-2020-10931 | Classic Buffer Overflow vulnerability in Memcached 1.6.0/1.6.1 Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. | 5.0 |
2018-03-13 | CVE-2018-1000127 | Improper Locking vulnerability in multiple products memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. | 5.0 |
2018-03-05 | CVE-2018-1000115 | Resource Exhaustion vulnerability in multiple products Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). | 5.0 |
2017-07-17 | CVE-2017-9951 | Unspecified vulnerability in Memcached The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. | 5.0 |
2017-01-06 | CVE-2016-8706 | Integer Overflow or Wraparound vulnerability in Memcached An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 6.8 |
2014-01-13 | CVE-2013-7239 | Improper Authentication vulnerability in Memcached memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | 4.8 |
2013-12-12 | CVE-2011-4971 | Numeric Errors vulnerability in Memcached Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. | 5.0 |