CVE-2019-11596

Published: 29 April 2019

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
memcached
Launchpad, Ubuntu, Debian
Upstream
Released (1.5.14)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.5.6-0ubuntu1.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02