8.1
CVE-2026-47784
- EPSS 0.55%
- Veröffentlicht 20.05.2026 05:45:37
- Zuletzt bearbeitet 21.05.2026 17:06:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.415 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-208 Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
https://github.com/memcached/memcached/wiki/ReleaseNotes1642