CVE-2019-11596

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11596
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11596.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-11596
Downstream
Related
Published
2019-04-29T15:29:00.983Z
Modified
2026-03-13T14:32:46.406743Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlru_command in memcached.c.

References

Affected packages

Git / github.com/memcached/memcached

Affected ranges

Type
GIT
Repo
https://github.com/memcached/memcached
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
50bdc9f3e134122e280031683f2b502f84e96624
Fixed
d35334f368817a77a6bd1f33c6a5676b2c402c02
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.14"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.2
1.3.3
1.4-rc1
1.4.0
1.4.0-rc1
1.4.1
1.4.1-rc1
1.4.10
1.4.11
1.4.11-beta1
1.4.11-rc1
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.2-rc1
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.3-rc1
1.4.3-rc2
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.4
1.4.5
1.4.6
1.4.6-rc1
1.4.7
1.4.7-rc1
1.4.8
1.4.8-rc1
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "signature_version": "v1",
        "target": {
            "file": "memcached.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "336338268569158499963052161425897069766",
                "233805561904951606682463767113544671142",
                "231229471521055592333822676927951654106",
                "26593720285494701453887140545018231728",
                "182815948978057236121080318559136802571",
                "276994487671645872219218029654209611268",
                "99825156840206337896526214937028835528",
                "104735872747704455308422766420332006806"
            ]
        },
        "source": "https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02",
        "signature_type": "Line",
        "id": "CVE-2019-11596-1967f0fc",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "memcached.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "334107896010247307306285089201430887264",
                "292587837676685207845281362231269287661",
                "326331395937243589754860394150976833119",
                "304038349451795819667314727527463833519"
            ]
        },
        "source": "https://github.com/memcached/memcached/commit/50bdc9f3e134122e280031683f2b502f84e96624",
        "signature_type": "Line",
        "id": "CVE-2019-11596-9c61e3bc",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "process_lru_command",
            "file": "memcached.c"
        },
        "digest": {
            "length": 1658.0,
            "function_hash": "42977763465979728781145027344553028869"
        },
        "source": "https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02",
        "signature_type": "Function",
        "id": "CVE-2019-11596-dd15207d",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "usage",
            "file": "memcached.c"
        },
        "digest": {
            "length": 9085.0,
            "function_hash": "303273679678963204193124815876744601712"
        },
        "source": "https://github.com/memcached/memcached/commit/50bdc9f3e134122e280031683f2b502f84e96624",
        "signature_type": "Function",
        "id": "CVE-2019-11596-dfb07e0d",
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11596.json"