CVE-2020-10931 — Classic Buffer Overflow in Memcached

CWE-120 — Classic Buffer Overflow CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

7.5HIGHNVD

EPSS

15.4%

top 5.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached

Timeline

PublishedMar 24

Latest updateMay 24

Description

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.6.2-1 (bookworm)

▶NVDmemcached/memcached1.6.0 — 1.6.2

▶Debianmemcached/memcached< 1.6.2-1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vqwp-x6cp-56g5: Memcached 1↗2022-05-24

▶

OSV

CVE-2020-10931: Memcached 1↗2020-03-24

▶

📋Vendor Advisories

Red Hat

memcached: mishandled memcpy into a stack-based buffer may lead to DoS↗2020-03-24

▶

Debian

CVE-2020-10931: memcached - Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of servic...↗2020

▶

💬Community

Bugzilla

CVE-2020-10931 memcached: mishandled memcpy into a stack-based buffer may lead to DoS [openstack-rdo]↗2020-03-24

▶

Bugzilla

CVE-2020-10931 memcached: mishandled memcpy into a stack-based buffer may lead to DoS↗2020-03-24

▶