Known Vulnerabilities for products from Memcached

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Memcached".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-49345 json Not Provided 2026-06-19 2026-06-22
CVE-2026-47784 json In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp ... Not Provided 2026-05-20 2026-05-21
CVE-2026-47783 json In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop ... Not Provided 2026-05-20 2026-05-21
CVE-2026-45686 json Not Provided 2026-06-02 2026-06-03
CVE-2023-46853 json In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of... 9.8 - CRITICAL 2023-10-27 2023-11-07
CVE-2023-46852 json In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many space... 7.5 - HIGH 2023-10-27 2023-11-07
CVE-2022-48571 json memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. 7.5 - HIGH 2023-08-22 2023-09-08
CVE-2021-37519 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.5 - MEDIUM 2023-02-03 2023-02-10
CVE-2020-22570 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2023-08-22 2023-08-25
CVE-2020-10931 json Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protoco... 7.5 - HIGH 2020-03-24 2020-03-27
CVE-2019-15026 json memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. 7.5 - HIGH 2019-08-30 2023-11-07
CVE-2019-11596 json In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a... 7.5 - HIGH 2019-04-29 2023-11-07
CVE-2018-1000127 json memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data c... 7.5 - HIGH 2018-03-13 2020-08-24
CVE-2018-1000115 json Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerabi... 7.5 - HIGH 2018-03-05 2021-08-04
CVE-2017-9951 json The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service ... 7.5 - HIGH 2017-07-17 2019-10-03
CVE-2016-8706 json An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memca... Not Provided 2017-01-06 2026-05-06
CVE-2016-8705 json Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands... Not Provided 2017-01-06 2026-05-06
CVE-2016-8704 json An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple com... Not Provided 2017-01-06 2026-05-06
CVE-2013-7291 json memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a req... Not Provided 2014-01-13 2026-04-29
CVE-2013-7290 json The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows... Not Provided 2014-01-13 2026-04-29
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Memcached

Type Vendor Product Version
ApplicationMemcachedMemcached1.2.7
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report