CVE-2019-11596
NONE EPSS 85.5%
Published Apr 29, 20197y ago · Modified Jun 17, 20262w ago
Published Apr 29, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
Threat Intelligence
EPSS Exploit Probability
85.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 4
References 7
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html
- github.com https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
- github.com https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f
- github.com https://github.com/memcached/memcached/issues/474
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUE3QBMP5UWTXMPKJREUICH6DIK6SOBX/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2CCWRM4LHB253KG5SPOKRVDCXQX5VZR/
- usn.ubuntu.com https://usn.ubuntu.com/3963-1/
Remediation
- github.com https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
- github.com https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f