CVE-2020-10931

Name	CVE-2020-10931
Description	Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	954808

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
memcached (PTS)	bullseye	1.6.9+dfsg-1	fixed
	bookworm	1.6.18-1	fixed
	trixie	1.6.32-1	fixed
	sid	1.6.32-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
memcached	source	jessie	(not affected)
memcached	source	stretch	(not affected)
memcached	source	buster	(not affected)
memcached	source	(unstable)	1.6.2-1	954808

Notes

[buster] - memcached <not-affected> (Introduced in 1.6)
[stretch] - memcached <not-affected> (Introduced in 1.6)
[jessie] - memcached <not-affected> (Introduced in 1.6)
https://github.com/memcached/memcached/issues/629
https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305