Product

memcached

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-46853
< 1.6.22
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n
9.8 CRITICAL
CVE-2023-46852
< 1.6.22
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces aft
7.5 HIGH
CVE-2022-48571
all versions
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
7.5 HIGH
CVE-2020-22570
>= 1.6.0 and < 1.6.3
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
7.5 HIGH
CVE-2021-37519
all versions
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticatt
5.5 MEDIUM
CVE-2022-26635
<= 2.2.0
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third
9.8 CRITICAL
CVE-2020-10931
>= 1.6.0 and < 1.6.2
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol hea
7.5 HIGH
CVE-2019-15026
all versions
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
7.5 HIGH
CVE-2019-11596
< 1.5.14
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a deni
7.5 HIGH
CVE-2018-1000127
< 1.4.37
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corrup
7.5 HIGH
CVE-2018-1000115
all versions
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability
7.5 HIGH
CVE-2017-9951
<= 1.4.38
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segm
7.5 HIGH
CVE-2016-8706
<= 1.4.31
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached
8.1 HIGH
CVE-2016-8705
<= 1.4.31
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of M
9.8 CRITICAL
CVE-2016-8704
<= 1.4.31
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands
9.8 CRITICAL
CVE-2013-7291
<= 1.4.16
memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request
CVE-2013-7290
all versions
The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remo
CVE-2013-7239
<= 1.4.16
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then
CVE-2013-0179
all versions
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode,
CVE-2011-4971
<= 1.4.5
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, a
CVE-2010-1152
<= 1.4.2
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line
CVE-2009-2415
all versions
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving le
CVE-2009-1494
all versions
The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which a
CVE-2009-1255
<= 1.2.0
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin