Description: libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to work around this bug or lower the probability of it affecting a given deployment:
1. Use a reasonably high `POLL_TIMEOUT` setting, like the default.
2. Use separate libmemcached connections for unrelated data.
3. Do not re-use libmemcached connections in an unknown state.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1032479

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| libmemcached (PTS) | buster, bullseye | 1.0.18-4.2 | fixed |
| libmemcached (PTS) | bookworm, trixie | 1.1.4-1 | fixed |

The information below is based on the following data on fixed versions.

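| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| libmemcached | source | buster | (not affected) | | | |
| libmemcached | source | bullseye | (not affected) | | | |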


[bullseye] - libmemcached <not-affected> (Vulnerable code introduced later)
[buster] - libmemcached <not-affected> (Vulnerable code introduced later)
Introduced with: (1.1.0-beta1)
Fixed by: (1.1.4)
