CVE-2019-11596

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlru_command in memcached.c.

References

Affected packages

Debian:11 / memcached

Package

Name: memcached
Purl: pkg:deb/debian/memcached?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.6-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / memcached

Package

Name: memcached
Purl: pkg:deb/debian/memcached?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.6-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / memcached

Package

Name: memcached
Purl: pkg:deb/debian/memcached?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.6-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/memcached/memcached

Affected ranges

Type: GIT
Repo: https://github.com/memcached/memcached
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d35334f368817a77a6bd1f33c6a5676b2c402c02

Fixed

d35334f368817a77a6bd1f33c6a5676b2c402c02

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.2

1.3.3

1.4-rc1

1.4.0

1.4.0-rc1

1.4.1

1.4.1-rc1

1.4.10

1.4.11

1.4.11-beta1

1.4.11-rc1

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.17

1.4.18

1.4.19

1.4.2

1.4.2-rc1

1.4.20

1.4.21

1.4.22

1.4.23

1.4.24

1.4.25

1.4.26

1.4.27

1.4.28

1.4.29

1.4.3

1.4.3-rc1

1.4.3-rc2

1.4.30

1.4.31

1.4.32

1.4.33

1.4.34

1.4.35

1.4.36

1.4.37

1.4.38

1.4.39

1.4.4

1.4.5

1.4.6

1.4.6-rc1

1.4.7

1.4.7-rc1

1.4.8

1.4.8-rc1

1.4.9

1.5.0

1.5.1

1.5.10

1.5.11

1.5.12

1.5.13

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9