ID
VAR-201912-1719
CVE
CVE-2019-11923
TITLE
Mcrouter Resource Management Error Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2020-01010 //
CNNVD: CNNVD-201912-166
DESCRIPTION
In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. Mcrouter Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Mcrouter is a memcached protocol router. Mcrouter v0.41.0 has a resource management error vulnerability. Attackers can use this vulnerability to exhaust resources or cause a denial of service. There is a security vulnerability in Mcrouter prior to v0.41.0
Trust: 2.34
sources:
NVD: CVE-2019-11923 //
JVNDB: JVNDB-2019-012815 //
CNVD: CNVD-2020-01010 //
VULHUB: VHN-143618 //
VULMON: CVE-2019-11923
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2020-01010
AFFECTED PRODUCTS
| vendor: | model: | mcrouter | scope: | lt | version: | 0.41.0 | Trust: 1.8 | |
| vendor: | mcrouter | model: | mcrouter | scope: | lt | version: | v0.41.0 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-01010 //
JVNDB: JVNDB-2019-012815 //
NVD: CVE-2019-11923
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2020-01010 //
VULHUB: VHN-143618 //
VULMON: CVE-2019-11923 //
JVNDB: JVNDB-2019-012815 //
CNNVD: CNNVD-201912-166 //
NVD: CVE-2019-11923
PROBLEMTYPE DATA
| problemtype: | CWE-770 | Trust: 1.1 |
| problemtype: | CWE-400 | Trust: 0.8 |
sources:
VULHUB: VHN-143618 //
JVNDB: JVNDB-2019-012815 //
NVD: CVE-2019-11923
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201912-166
TYPE
resource management error
Trust: 0.6
sources:
CNNVD: CNNVD-201912-166
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-012815
PATCH
| title: | CVE-2019-11923 | url: | https://www.facebook.com/security/advisories/cve-2019-11923 | Trust: 0.8 |
| title: | Enforce a limit on value bytes size | url: | https://github.com/facebook/mcrouter/commit/98ce6624cd2563cfdb5da3b2949d5e1e03867034 | Trust: 0.8 |
| title: | Version 41 | url: | https://github.com/facebook/mcrouter/releases/tag/v0.41.0-release | Trust: 0.8 |
| title: | Patch for Mcrouter Resource Management Error Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/196411 | Trust: 0.6 |
| title: | Mcrouter Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104758 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-01010 //
JVNDB: JVNDB-2019-012815 //
CNNVD: CNNVD-201912-166
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-11923 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2019-012815 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201912-166 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2020-01010 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-143618 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-11923 | Trust: 0.1 |
sources:
CNVD: CNVD-2020-01010 //
VULHUB: VHN-143618 //
VULMON: CVE-2019-11923 //
JVNDB: JVNDB-2019-012815 //
CNNVD: CNNVD-201912-166 //
NVD: CVE-2019-11923
REFERENCES
| url: | https://github.com/facebook/mcrouter/releases/tag/v0.41.0-release | Trust: 2.4 |
| url: | https://www.facebook.com/security/advisories/cve-2019-11923 | Trust: 1.8 |
| url: | https://github.com/facebook/mcrouter/commit/98ce6624cd2563cfdb5da3b2949d5e1e03867034 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-11923 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11923 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/770.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2020-01010 //
VULHUB: VHN-143618 //
VULMON: CVE-2019-11923 //
JVNDB: JVNDB-2019-012815 //
CNNVD: CNNVD-201912-166 //
NVD: CVE-2019-11923
SOURCES
| db: | CNVD | id: | CNVD-2020-01010 |
| db: | VULHUB | id: | VHN-143618 |
| db: | VULMON | id: | CVE-2019-11923 |
| db: | JVNDB | id: | JVNDB-2019-012815 |
| db: | CNNVD | id: | CNNVD-201912-166 |
| db: | NVD | id: | CVE-2019-11923 |
LAST UPDATE DATE
2024-11-23T22:44:45.801000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-01010 | date: | 2020-01-08T00:00:00 |
| db: | VULHUB | id: | VHN-143618 | date: | 2020-08-24T00:00:00 |
| db: | VULMON | id: | CVE-2019-11923 | date: | 2020-08-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012815 | date: | 2019-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-166 | date: | 2020-08-25T00:00:00 |
| db: | NVD | id: | CVE-2019-11923 | date: | 2024-11-21T04:21:59.480 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-01010 | date: | 2020-01-08T00:00:00 |
| db: | VULHUB | id: | VHN-143618 | date: | 2019-12-04T00:00:00 |
| db: | VULMON | id: | CVE-2019-11923 | date: | 2019-12-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012815 | date: | 2019-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-166 | date: | 2019-12-04T00:00:00 |
| db: | NVD | id: | CVE-2019-11923 | date: | 2019-12-04T16:15:11.637 |