Nixpkgs security tracker
8.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
20 packages
- libmemcached
- memcachedTestHook
- memcached-exporter
- phpExtensions.memcached
- php82Extensions.memcached
- php83Extensions.memcached
- php84Extensions.memcached
- php85Extensions.memcached
- perlPackages.CacheMemcached
- perl5Packages.CacheMemcached
- perl538Packages.CacheMemcached
- perl540Packages.CacheMemcached
- perlPackages.CacheMemcachedFast
- perl5Packages.CacheMemcachedFast
- perl538Packages.CacheMemcachedFast
- perl540Packages.CacheMemcachedFast
- python312Packages.python-memcached
- python313Packages.python-memcached
- python314Packages.python-memcached
- chickenPackages_5.chickenEggs.memcached
- @LeSuisse ignored maintainer @coreyoconnor maintainer.ignore
- @LeSuisse accepted
- @LeSuisse published on GitHub
In memcached before 1.6.42, username data for SASL password database …
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
References
Affected products
- <1.6.42
Matching in nixpkgs
Ignored packages (20)
pkgs.libmemcached
Open source C/C++ client library and tools for the memcached server
pkgs.memcachedTestHook
None
pkgs.memcached-exporter
Exports metrics from memcached servers for consumption by Prometheus
pkgs.phpExtensions.memcached
PHP extension for interfacing with memcached via libmemcached library
pkgs.php82Extensions.memcached
PHP extension for interfacing with memcached via libmemcached library
pkgs.php83Extensions.memcached
PHP extension for interfacing with memcached via libmemcached library
pkgs.php84Extensions.memcached
PHP extension for interfacing with memcached via libmemcached library
pkgs.php85Extensions.memcached
PHP extension for interfacing with memcached via libmemcached library
pkgs.perlPackages.CacheMemcached
Client library for memcached (memory cache daemon)
pkgs.perl5Packages.CacheMemcached
Client library for memcached (memory cache daemon)
pkgs.perl538Packages.CacheMemcached
Client library for memcached (memory cache daemon)
pkgs.perl540Packages.CacheMemcached
Client library for memcached (memory cache daemon)
pkgs.perlPackages.CacheMemcachedFast
Perl client for memcached, in C language
pkgs.perl5Packages.CacheMemcachedFast
Perl client for memcached, in C language
pkgs.perl538Packages.CacheMemcachedFast
Perl client for memcached, in C language
pkgs.perl540Packages.CacheMemcachedFast
Perl client for memcached, in C language
pkgs.python312Packages.python-memcached
Pure python memcached client
pkgs.python313Packages.python-memcached
Pure python memcached client
pkgs.python314Packages.python-memcached
Pure python memcached client
Package maintainers
Ignored maintainers (1)
-
@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>