Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to tryreadcommand_binary in memcached.c.
{ "vanir_signatures": [ { "id": "CVE-2020-10931-18df148d", "signature_type": "Line", "target": { "file": "memcached.c" }, "digest": { "line_hashes": [ "60729425787205775525629116097709335923", "155528682348179993748654765443873325237", "32507371053848599705866725944711999623", "28161909986594551437781044272282309277", "10891478072836292451615605853983240402" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305" }, { "id": "CVE-2020-10931-4c30de66", "signature_type": "Function", "target": { "file": "memcached.c", "function": "try_read_command_binary" }, "digest": { "function_hash": "286460963442076244618714784430206597643", "length": 1982.0 }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305" } ] }