ID CVE-2019-11596
Summary In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
References
Vulnerable Configurations
  • cpe:2.3:a:memcached:memcached:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.19:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.20:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.21:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.22:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.23:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.23:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.24:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.24:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.25:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.25:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.26:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.26:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.27:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.27:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.28:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.28:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.29:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.29:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.30:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.30:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.31:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.31:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.32:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.32:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.33:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.33:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.34:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.34:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.35:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.35:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.36:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.36:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.37:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.37:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.38:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.38:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.4.39:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.4.39:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:memcached:memcached:1.5.13:*:*:*:*:*:*:*
    cpe:2.3:a:memcached:memcached:1.5.13:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 26-05-2020 - 16:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1706001
title causing denial of service
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment memcached is earlier than 0:1.5.9-3.el8
          oval oval:com.redhat.rhsa:tst:20201576001
        • comment memcached is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162819002
      • AND
        • comment memcached-debugsource is earlier than 0:1.5.9-3.el8
          oval oval:com.redhat.rhsa:tst:20201576003
        • comment memcached-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201576004
rhsa
id RHSA-2020:1576
released 2020-04-28
severity Moderate
title RHSA-2020:1576: memcached security update (Moderate)
rpms
  • memcached-0:1.5.9-3.el8
  • memcached-debuginfo-0:1.5.9-3.el8
  • memcached-debugsource-0:1.5.9-3.el8
  • memcached-0:1.4.39-3.el7ost
  • memcached-debuginfo-0:1.4.39-3.el7ost
refmap via4
fedora
  • FEDORA-2019-2bd8e73268
  • FEDORA-2019-df4c0ba2db
misc
suse openSUSE-SU-2020:0721
ubuntu USN-3963-1
Last major update 26-05-2020 - 16:15
Published 29-04-2019 - 15:29
Last modified 26-05-2020 - 16:15
Back to Top