{"id":"CVE-2026-47783","details":"In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.","aliases":["BIT-memcached-2026-47783"],"modified":"2026-06-23T15:29:17.497616403Z","published":"2026-05-20T05:43:46.976Z","related":["ALSA-2026:27842","ALSA-2026:27862","SUSE-SU-2026:22022-1","SUSE-SU-2026:2292-1","SUSE-SU-2026:2293-1","openSUSE-SU-2026:10882-1","openSUSE-SU-2026:20884-1"],"database_specific":{"cna_assigner":"mitre","cwe_ids":["CWE-208"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47783.json"},"references":[{"type":"WEB","url":"https://github.com/memcached/memcached/compare/1.6.41...1.6.42"},{"type":"WEB","url":"https://github.com/memcached/memcached/wiki/ReleaseNotes1642"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47783.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47783"},{"type":"FIX","url":"https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/memcached/memcached","events":[{"introduced":"0"},{"fixed":"f1674f0231e5d291db474c4ad297f5f069d32521"},{"fixed":"d13f282b4bce33a9c33b8a1bbf07f12114160fed"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.6.42"}]}}],"versions":["1.6.41","1.6.40","1.6.39","1.6.38","1.6.37","1.6.36","1.6.35","1.6.34","1.6.33","1.6.32","1.6.31","1.6.30","1.6.29","1.6.28","1.6.27","1.6.26","1.6.25","1.6.24","1.6.23","1.6.22","1.6.21","1.6.20","1.6.19","1.6.18","1.6.17","1.6.16","1.6.15","1.6.14","1.6.13","1.6.12","1.6.11","1.6.10","1.6.9","1.6.8","1.6.7","1.6.6","1.6.5","1.6.4","1.6.3","1.6.2","1.6.1","1.6.0","1.5.22","1.5.21","1.5.20","1.5.19","1.5.18","1.5.17","1.5.16","1.5.15","1.5.14","1.5.13","1.5.12","1.5.11","1.5.10","1.5.9","1.5.8","1.5.7","1.5.6","1.5.5","1.5.4","1.5.3","1.5.2","1.5.1","1.5.0","1.4.39","1.4.38","1.4.37","1.4.36","1.4.35","1.4.34","1.4.33","1.4.32","1.4.31","1.4.30","1.4.29","1.4.28","1.4.27","1.4.26","1.4.25","1.4.24","1.4.23","1.4.22","1.4.21","1.4.20","1.4.19","1.4.18","1.4.17","1.4.16","1.4.15","1.4.14","1.4.13","1.4.12","1.4.11-rc1","1.4.11","1.4.11-beta1","1.4.10","1.4.9","1.4.8","1.4.8-rc1","1.4.7-rc1","1.4.7","1.4.6","1.4.6-rc1","1.4.5","1.4.4","1.4.3","1.4.3-rc2","1.4.3-rc1","1.4.2","1.4.2-rc1","1.4.1","1.4.1-rc1","1.4.0","1.4-rc1","1.4.0-rc1","1.3.3","1.3.2","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0"],"database_specific":{"vanir_signatures_modified":"2026-06-20T11:13:56Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47783.json","vanir_signatures":[{"source":"https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed","id":"CVE-2026-47783-753167ba","signature_type":"Function","digest":{"length":1156,"function_hash":"284654676807271835384715966028879882137"},"deprecated":false,"target":{"file":"sasl_defs.c","function":"sasl_server_userdb_checkpass"},"signature_version":"v1"},{"source":"https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed","id":"CVE-2026-47783-9b7ff158","signature_type":"Line","digest":{"line_hashes":["312679514704962041280281200903721309667","35757367415565282865623804919170315255","245579480260761788681918563772767245751","6602217400144305652543387936933858330","161573229621705196849168628951717696666","258772684775262277630727493888981902386","286110100176741436029485821082375961561","95100240616598174899764189262178176353","327608642694468017178633802590202216364","253086933575348819273447769281331947129","218347168151238490293077456438405013492","121523401650451511176392504935467086120","236732265184660035366467935863000898408","274469844838623870742837739010917076111"],"threshold":0.9},"signature_version":"v1","target":{"file":"sasl_defs.c"},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}