In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HMemcached
APPMemcached< 1.6.42
Related vulnerabilities
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is ...
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processi...
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing mu...
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel ...
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there...