Vulnerability Reportmemcached:1.6.13-alpine

memcached:1.6.13-alpine
DIGESTsha256:45aaea7e7e89c491a9f0fd713744cadbce7257ed338162a05895a058b28de082

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via memory corruption (CVE-2022-37434) or infinite loop (CVE-2022-0778) if specific non-default features (TLS, compression) are enabled. Disabling TLS and compression fully mitigates the highest-severity vulnerabilities. Note that these vulnerabilities require non-default configurations to be exploitable, reducing their practical impact for typical memcached deployments.

Vulnerabilities

Vulnerability Log

30 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-37434HIGH8
zlib
1.2.11-r3
fixed in 1.2.12-r2
15.9%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libretls
3.3.4-r2
fixed in 3.3.4-r3
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libssl1.1
1.1.1l-r8
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2018-25032HIGH7.8
zlib
1.2.11-r3
fixed in 1.2.12-r0
51.7%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0464MEDIUM6
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r2
3.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0464MEDIUM6
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r2
3.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0286MEDIUM5.77
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2023-0286MEDIUM5.77
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2022-4304MEDIUM5.43
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-4304MEDIUM5.43
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407MEDIUM5.28
libsasl
2.1.27-r14
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-2650MEDIUM5.07
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2023-2650MEDIUM5.07
libssl1.1
1.1.1l-r8
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2022-28391LOW3.17
busybox
1.34.1-r3
fixed in 1.34.1-r5
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.34.1-r3
fixed in 1.34.1-r5
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-4450LOW3.1
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2022-4450LOW3.1
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2023-0215LOW2.7
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-0215LOW2.7
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-2097LOW1.91
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-2097LOW1.91
libssl1.1
1.1.1l-r8
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.