Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711208 (CVE-2019-15026) - <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in memcached.c (CVE-2019-15026)
Summary: <net-misc/memcached-1.5.17: stack-based buffer over-read in conn_to_str in me...
Alias: CVE-2019-15026
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2020-03-01 19:25 UTC by Sam James
Modified: 2020-05-02 21:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 19:25:06 UTC
"Stack based out-of-bounds memory read"

Quote from URL:
"... though given the nature of the bug, while it will trip ASAN, there's no way to exploit it and it only occurs over unix domain sockets. No data is copied past the end of any buffers. Still, we take this seriously and have repaired the offending code, just in case."


- <1.5.17
Comment 1 Agostino Sarubbo gentoo-dev 2020-03-05 08:21:31 UTC
s390 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-05 08:32:04 UTC
sparc stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-05 09:23:44 UTC
arm stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-05 09:24:33 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-05 09:26:52 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-05 09:27:27 UTC
ia64 stable
Comment 7 Mart Raudsepp gentoo-dev 2020-03-12 23:07:12 UTC
arm64 stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-13 22:13:32 UTC
OK to cleanup?
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 02:53:01 UTC
GLSA Vote: No!

@ maintainer(s): Please cleanup and drop =net-misc/memcached-1.5.14!
Comment 10 Larry the Git Cow gentoo-dev 2020-03-25 21:22:43 UTC
The bug has been referenced in the following commit(s):

commit d5f0f9d418d0a9477f08abc736ad6c1b98867ea1
Author:     Sam James (sam_c) <>
AuthorDate: 2020-03-25 16:27:25 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2020-03-25 21:22:36 +0000

    net-misc/memcached: security cleanup (bug #711208)
    Signed-off-by: Sam James (sam_c) <>
    Signed-off-by: Thomas Deutschmann <>

 net-misc/memcached/Manifest                |  1 -
 net-misc/memcached/memcached-1.5.14.ebuild | 97 ------------------------------
 2 files changed, 98 deletions(-)
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 21:23:21 UTC
Repository is clean, all done!
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-05-02 21:43:21 UTC
CVE-2019-15026 (
  memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer
  over-read in conn_to_str in memcached.c.