CVE-2019-11596NULL Pointer Dereference in Memcached

CWE-476NULL Pointer Dereference9 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MemcachedDebian MemcachedCanonical Ubuntu Linux
Timeline
PublishedApr 29
Latest updateMay 24

Description

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/memcached< memcached 1.5.6-1.1 (bookworm)
NVDmemcached/memcached< 1.5.14
Debianmemcached/memcached< 1.5.6-1.1+3

Also affects: Ubuntu Linux 18.04, 18.10, 19.04

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-p785-ww3c-xg46: In memcached before 12022-05-24
OSV
CVE-2019-11596: In memcached before 12019-04-29

📋Vendor Advisories

3
Ubuntu
Memcached vulnerability2019-05-01
Red Hat
memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service2019-04-10
Debian
CVE-2019-11596: memcached - In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mod...2019

💬Community

3
Bugzilla
CVE-2019-11596 memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service [openstack-rdo]2019-05-13
Bugzilla
CVE-2019-11596 memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service [fedora-all]2019-05-03
Bugzilla
CVE-2019-11596 memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service2019-05-03