711208 – (CVE-2019-15026) <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in memcached.c (CVE-2019-15026)

Bug 711208 (CVE-2019-15026) - <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in memcached.c (CVE-2019-15026)

Summary: <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in me...

Status:	RESOLVED FIXED

Alias:	CVE-2019-15026

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/memcached/memcache...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-03-01 19:25 UTC by Sam James
Modified:	2020-05-02 21:43 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/15111
Package list:	net-misc/memcached-1.5.22
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-03-01 19:25:06 UTC

Description:
"Stack based out-of-bounds memory read"

Quote from URL:
"... though given the nature of the bug, while it will trip ASAN, there's no way to exploit it and it only occurs over unix domain sockets. No data is copied past the end of any buffers. Still, we take this seriously and have repaired the offending code, just in case."

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-15026

Affects:
- <1.5.17

Comment 1 Agostino Sarubbo gentoo-dev

2020-03-05 08:21:31 UTC

s390 stable

Comment 2 Agostino Sarubbo gentoo-dev

2020-03-05 08:32:04 UTC

sparc stable

Comment 3 Agostino Sarubbo gentoo-dev

2020-03-05 09:23:44 UTC

arm stable

Comment 4 Agostino Sarubbo gentoo-dev

2020-03-05 09:24:33 UTC

ppc stable

Comment 5 Agostino Sarubbo gentoo-dev

2020-03-05 09:26:52 UTC

ppc64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2020-03-05 09:27:27 UTC

ia64 stable

Comment 7 Mart Raudsepp gentoo-dev

2020-03-12 23:07:12 UTC

arm64 stable

Comment 8 Sam James archtester

2020-03-13 22:13:32 UTC

OK to cleanup?

Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-15 02:53:01 UTC

GLSA Vote: No!

@ maintainer(s): Please cleanup and drop =net-misc/memcached-1.5.14!

Comment 10 Larry the Git Cow gentoo-dev

2020-03-25 21:22:43 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f0f9d418d0a9477f08abc736ad6c1b98867ea1

commit d5f0f9d418d0a9477f08abc736ad6c1b98867ea1
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 16:27:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 21:22:36 +0000

    net-misc/memcached: security cleanup (bug #711208)
    
    Bug: https://bugs.gentoo.org/711208
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15111
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/memcached/Manifest                |  1 -
 net-misc/memcached/memcached-1.5.14.ebuild | 97 ------------------------------
 2 files changed, 98 deletions(-)

Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-25 21:23:21 UTC

Repository is clean, all done!

Comment 12 GLSAMaker/CVETool Bot gentoo-dev

2020-05-02 21:43:21 UTC

CVE-2019-15026 (https://nvd.nist.gov/vuln/detail/CVE-2019-15026):
  memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer
  over-read in conn_to_str in memcached.c.