PT-2026-42109 · Memcached+3 · Memcached+3
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
memcached versions prior to 1.6.42
Description
Username data for SASL password database authentication contains a timing side channel. This occurs because the
sasl server userdb checkpass() function utilizes a loop that terminates immediately upon finding a valid username, allowing an attacker to potentially infer valid usernames based on the time the server takes to respond.Recommendations
Update to version 1.6.42 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Rocky Linux
Ubuntu
Memcached