Skip to main content

Memcached CVE-2019-11596

HIGH
NULL Pointer Dereference (CWE-476)
2019-04-29 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 29, 2019 - 15:29 nvd
HIGH 7.5

DescriptionNVD

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

AnalysisAI

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. Affected products include: Memcached, Canonical Ubuntu Linux. Version information: before 1.5.14.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2016-8706 HIGH POC
8.1 Jan 06

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of

CVE-2016-8704 CRITICAL POC
9.8 Jan 06

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multipl

CVE-2016-8705 CRITICAL POC
9.8 Jan 06

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple com

CVE-2022-26635 CRITICAL POC
9.8 Apr 05

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. R

CVE-2017-9951 HIGH POC
7.5 Jul 17

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of ser

CVE-2020-10931 HIGH POC
7.5 Mar 24

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary pr

CVE-2018-1000115 HIGH POC
7.5 Mar 05

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln

CVE-2023-46853 CRITICAL
9.8 Oct 27

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used inste

CVE-2026-47783 HIGH
8.1 May 20

Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL auth

CVE-2023-46852 HIGH
7.5 Oct 27

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many

CVE-2019-15026 HIGH
7.5 Aug 30

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated hi

CVE-2018-1000127 HIGH
7.5 Mar 13

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in d

Share

CVE-2019-11596 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy