Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution or memory corruption via zlib vulnerabilities, or SQL injection if SASL authentication is used with an SQL backend, potentially leading to full system compromise or data breach. Note: CVE-2022-37434 and CVE-2018-25032 only apply if memcached is configured to use compression; disabling compression would fully eliminate these risks. CVE-2022-24407 only applies if SASL with SQL backend is enabled; avoiding that configuration mitigates the SQL injection.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2022-37434 | HIGH8 | zlib 1.2.11-r3 fixed in 1.2.12-r2 | 16.0% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2018-25032 | HIGH7.8 | zlib 1.2.11-r3 fixed in 1.2.12-r0 | 52.1% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2022-24407 | HIGH7.04 | libsasl 2.1.27-r14 fixed in 2.1.28-r0 | 4.1% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2023-0465 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r2 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3446 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1u-r2 | 5.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3817 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1v-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-5678 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1w-r1 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0465 | MEDIUM5.3 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r2 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3446 | MEDIUM5.3 | libssl1.1 1.1.1l-r7 fixed in 1.1.1u-r2 | 5.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3817 | MEDIUM5.3 | libssl1.1 1.1.1l-r7 fixed in 1.1.1v-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-5678 | MEDIUM5.3 | libssl1.1 1.1.1l-r7 fixed in 1.1.1w-r1 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-0778 | LOW3.51 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Post-Exploit |
| CVE-2022-0778 | LOW3.51 | libretls 3.3.4-r2 fixed in 3.3.4-r3 | 70.6% Actively Exploited | Post-Exploit |
| CVE-2022-0778 | LOW3.51 | libssl1.1 1.1.1l-r7 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Post-Exploit |
| CVE-2023-0286 | LOW3.46 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 59.5% Actively Exploited | Post-Exploit |
| CVE-2023-0286 | LOW3.46 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 59.5% Actively Exploited | Post-Exploit |
| CVE-2022-28391 | LOW3.17 | busybox 1.34.1-r3 fixed in 1.34.1-r5 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28391 | LOW3.17 | ssl_client 1.34.1-r3 fixed in 1.34.1-r5 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-4450 | LOW3.1 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 20.4% High Exploitation Risk | Post-Exploit |
| CVE-2022-4450 | LOW3.1 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 20.4% High Exploitation Risk | Post-Exploit |
| CVE-2023-2650 | LOW3.04 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1u-r0 | 73.5% Actively Exploited | Post-Exploit |
| CVE-2023-2650 | LOW3.04 | libssl1.1 1.1.1l-r7 fixed in 1.1.1u-r0 | 73.5% Actively Exploited | Post-Exploit |
| CVE-2023-0215 | LOW2.7 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2023-0464 | LOW2.7 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r2 | 3.7% Low-Moderate Risk | Post-Exploit |
| CVE-2023-0215 | LOW2.7 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 4.5% Low-Moderate Risk | Post-Exploit |
| CVE-2023-0464 | LOW2.7 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r2 | 3.7% Low-Moderate Risk | Post-Exploit |
| CVE-2022-4304 | LOW2.44 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2022-4304 | LOW2.44 | libssl1.1 1.1.1l-r7 fixed in 1.1.1t-r0 | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2022-2097 | LOW1.91 | libcrypto1.1 1.1.1l-r7 fixed in 1.1.1q-r0 | 4.4% Low-Moderate Risk | Post-Exploit |
| CVE-2022-2097 | LOW1.91 | libssl1.1 1.1.1l-r7 fixed in 1.1.1q-r0 | 4.4% Low-Moderate Risk | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.