| Reporter | Title | Published | Views | Family All 84 |
|---|---|---|---|---|
| Alibaba Cloud Linux 3 : 0079: memcached (ALINUX3-SA-2022:0079) | 14 May 202500:00 | โ | nessus | |
| CentOS 8 : memcached (CESA-2020:1576) | 1 Feb 202100:00 | โ | nessus | |
| EulerOS Virtualization for ARM 64 3.0.3.0 : memcached (EulerOS-SA-2019-2330) | 3 Dec 201900:00 | โ | nessus | |
| Fedora 30 : memcached (2019-2bd8e73268) | 16 May 201900:00 | โ | nessus | |
| Fedora 29 : memcached (2019-df4c0ba2db) | 16 May 201900:00 | โ | nessus | |
| NewStart CGSL MAIN 6.01 : memcached Vulnerability (NS-SA-2020-0033) | 21 Jul 202000:00 | โ | nessus | |
| openSUSE Security Update : memcached (openSUSE-2020-721) | 29 May 202000:00 | โ | nessus | |
| Oracle Linux 8 : memcached (ELSA-2020-1576) | 7 Sep 202300:00 | โ | nessus | |
| RHEL 8 : memcached (RHSA-2020:1576) | 28 Apr 202000:00 | โ | nessus | |
| RHEL 7 : memcached (RHSA-2020:5583) | 18 Dec 202000:00 | โ | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0079.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(239088);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");
script_cve_id("CVE-2019-11596");
script_name(english:"TencentOS Server 3: memcached (TSSA-2022:0079)");
script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by a vulnerability as referenced in the TSSA-2022:0079 advisory.
Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:
CVE-2019-11596:
In memcached before 1.5.14, a NULL pointer dereference was found in the lru mode and lru temp_ttl
commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command
in memcached.c.
Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220079.xml");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11596");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/03");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:memcached");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tencent Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);
if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);
var constraints = [
{
'release': '3',
'pkgs': [
{'reference':'memcached-1.5.22-2.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-1.5.22-2.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-debuginfo-1.5.22-2.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-debuginfo-1.5.22-2.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-debugsource-1.5.22-2.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-debugsource-1.5.22-2.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-devel-1.5.22-2.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'memcached-devel-1.5.22-2.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'memcached / memcached-debuginfo / memcached-debugsource / etc');
}
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation