CVE-2019-11923

Published: Dec 4, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.

Vendor	Product	Versions
Facebook	Mcrouter	affected `0.41.0` affected `unspecified - < 0.41.0`

References

https://www.facebook.com/security/advisories/cve-2019-11923

x_refsource_CONFIRM

https://github.com/facebook/mcrouter/releases/tag/v0.41.0-release

x_refsource_MISC

https://github.com/facebook/mcrouter/commit/98ce6624cd2563cfdb5da3b2949d5e1e03867034

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-11923

Description

Affected Products

References