Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2020-10931

Published: 24 March 2020

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.

Notes

Author	Note
leosilva	vulnerability introduced by commit 8e59147cba140

Priority

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package	Release	Status
memcached Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	eoan	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Released (1.6.2-1)
	xenial	Not vulnerable (code not present)

Severity score breakdown

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954808

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading