
Bug 711208 (CVE-2019-15026)

Summary: <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in memcached.c (CVE-2019-15026)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: prometheanfire, robbat2
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Sam James archtester gentoo-dev Security 2020-03-01 19:25:06 UTC
"Stack based out-of-bounds memory read"

Quote from URL:
"... though given the nature of the bug, while it will trip ASAN, there's no way to exploit it and it only occurs over unix domain sockets. No data is copied past the end of any buffers. Still, we take this seriously and have repaired the offending code, just in case."


- <1.5.17
Comment 1 Agostino Sarubbo gentoo-dev 2020-03-05 08:21:31 UTC
s390 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-05 08:32:04 UTC
sparc stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-05 09:23:44 UTC
arm stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-05 09:24:33 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-05 09:26:52 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-05 09:27:27 UTC
ia64 stable
Comment 7 Mart Raudsepp gentoo-dev 2020-03-12 23:07:12 UTC
arm64 stable
Comment 8 Sam James archtester gentoo-dev Security 2020-03-13 22:13:32 UTC
OK to cleanup?
Comment 9 Thomas Deutschmann gentoo-dev Security 2020-03-15 02:53:01 UTC
GLSA Vote: No!

@ maintainer(s): Please cleanup and drop =net-misc/memcached-1.5.14!
Comment 10 Larry the Git Cow gentoo-dev 2020-03-25 21:22:43 UTC
The bug has been referenced in the following commit(s):

commit d5f0f9d418d0a9477f08abc736ad6c1b98867ea1
Author:     Sam James (sam_c) <>
AuthorDate: 2020-03-25 16:27:25 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2020-03-25 21:22:36 +0000

    net-misc/memcached: security cleanup (bug #711208)
    Signed-off-by: Sam James (sam_c) <>
    Signed-off-by: Thomas Deutschmann <>

 net-misc/memcached/Manifest                |  1 -
 net-misc/memcached/memcached-1.5.14.ebuild | 97 ------------------------------
 2 files changed, 98 deletions(-)
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-03-25 21:23:21 UTC
Repository is clean, all done!
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-05-02 21:43:21 UTC
CVE-2019-15026 (
  memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer
  over-read in conn_to_str in memcached.c.