8.1
CVE-2026-47783
- EPSS 1.31%
- Veröffentlicht 20.05.2026 05:43:46
- Zuletzt bearbeitet 30.06.2026 03:20:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.671 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-208 Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
https://github.com/memcached/memcached/wiki/ReleaseNotes1642
https://access.redhat.com/errata/RHSA-2026:27842
https://access.redhat.com/errata/RHSA-2026:27862
https://access.redhat.com/security/cve/CVE-2026-47783
https://bugzilla.redhat.com/show_bug.cgi?id=2480089
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json