memcached

Microsoft published CVE-2026-47783 on May 21, 2026, for a memcached timing side-channel flaw fixed upstream in version 1.6.42 and reflected in Microsoft’s Azure Linux 3.0 package update from azl3 memcached 1.6.27-4 to 1.6.27-5. The bug is not a Windows desktop crisis, and that is precisely why...

On May 20, 2026, CVE-2026-47784 was published for memcached versions before 1.6.42, describing a timing side channel in SASL password database authentication caused by the use of memcmp inside sasl_server_userdb_checkpass. The bug is not a Windows vulnerability in the classic Patch Tuesday...

The buffer-overflow flaw in Memcached that landed under CVE-2023-46852 is a deceptively small parser bug with outsized operational impact: malformed multiget requests containing many spaces after the "get" token can overflow internal buffers when Memcached is running in its optional proxy mode...

The discovery that a single missing carriage return could destabilize widely deployed caching infrastructure exposed a familiar, uncomfortable truth: simple parser assumptions still cause outsized operational and security consequences. CVE‑2023‑46853 is an off‑by‑one error in Memcached’s proxy...

It began with an uncomfortable realization during a routine cost review: our multi-region Azure deployment—intended to elegantly scale and secure a set of modest cloud services—was bleeding more than $5,000 each month on a basic caching strategy. The core culprit was Azure Cache for Redis...