Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). (CVE-2017-9951)
It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack. (CVE-2018-1000115)