Your submission was sent successfully! Close

CVE-2019-11596

Published: 29 April 2019

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
memcached
Launchpad, Ubuntu, Debian
bionic
Released (1.5.6-0ubuntu1.1)
cosmic
Released (1.5.10-0ubuntu1.18.10.1)
disco
Released (1.5.10-0ubuntu1.19.04.1)
precise Does not exist

trusty Does not exist

upstream
Released (1.5.14)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02