Candidate: CVE-2020-10931
PublicDate: 2020-03-24 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10931
 https://github.com/memcached/memcached/issues/629
 https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
 https://github.com/memcached/memcached/wiki/ReleaseNotes162
Description:
 Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of
 service (daemon crash) via a crafted binary protocol header to
 try_read_command_binary in memcached.c.
Ubuntu-Description:
Notes:
 leosilva> vulnerability introduced by commit 8e59147cba140
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954808
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
Patches_memcached:
upstream_memcached: released (1.6.2-1)
precise/esm_memcached: DNE
trusty_memcached: ignored (out of standard support)
trusty/esm_memcached: DNE
xenial_memcached: not-affected (code not present)
esm-infra/xenial_memcached: not-affected (code not present)
bionic_memcached: not-affected (code not present)
eoan_memcached: not-affected (code not present)
devel_memcached: not-affected (code not present)