CVE-2019-11596

NONE EPSS 85.5%
Published Apr 29, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

Threat Intelligence

EPSS Exploit Probability
85.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 4

Vendor      Product        Version   Range
memcached   memcached      *         <1.5.14
canonical   ubuntu_linux   18.04     any
canonical   ubuntu_linux   18.10     any
canonical   ubuntu_linux   19.04     any

References 7

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html
  • github.com https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
    Patch, Third Party Advisory
  • github.com https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f
    Patch
  • github.com https://github.com/memcached/memcached/issues/474
    Exploit, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUE3QBMP5UWTXMPKJREUICH6DIK6SOBX/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2CCWRM4LHB253KG5SPOKRVDCXQX5VZR/
  • usn.ubuntu.com https://usn.ubuntu.com/3963-1/
    Third Party Advisory

Remediation

  • github.com https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
    Patch, Third Party Advisory
  • github.com https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f
    Patch