CVE-2019-11596

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11596
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11596.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-11596
Downstream
Related
Published
2019-04-29T15:29:00Z
Modified
2025-09-19T10:17:24.285648Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlru_command in memcached.c.

References

Affected packages

Git / github.com/memcached/memcached

Affected ranges

Type
GIT
Repo
https://github.com/memcached/memcached
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d35334f368817a77a6bd1f33c6a5676b2c402c02

Affected versions

1.*

1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.2
1.3.3
1.4-rc1
1.4.0
1.4.0-rc1
1.4.1
1.4.1-rc1
1.4.10
1.4.11
1.4.11-beta1
1.4.11-rc1
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.2-rc1
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.3-rc1
1.4.3-rc2
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.4
1.4.5
1.4.6
1.4.6-rc1
1.4.7
1.4.7-rc1
1.4.8
1.4.8-rc1
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-11596-1967f0fc",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "336338268569158499963052161425897069766",
                    "233805561904951606682463767113544671142",
                    "231229471521055592333822676927951654106",
                    "26593720285494701453887140545018231728",
                    "182815948978057236121080318559136802571",
                    "276994487671645872219218029654209611268",
                    "99825156840206337896526214937028835528",
                    "104735872747704455308422766420332006806"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "memcached.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02"
        },
        {
            "id": "CVE-2019-11596-dd15207d",
            "digest": {
                "length": 1658.0,
                "function_hash": "42977763465979728781145027344553028869"
            },
            "signature_version": "v1",
            "target": {
                "file": "memcached.c",
                "function": "process_lru_command"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02"
        }
    ]
}