PT-2026-42110 · Memcached+2 · Memcached+2
Kingroryga
·
Published
2026-05-20
·
Updated
2026-05-30
·
CVE-2026-47784
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
memcached versions prior to 1.6.42
Description
Password data for SASL password database authentication contains a timing side channel. This occurs because the
sasl server userdb checkpass() function utilizes memcmp, which can allow an attacker to infer information about the password based on the time taken to perform the comparison.Recommendations
Update to version 1.6.42 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Memcached