Buffer Overflow Vulnerability in Mcrouter by Facebook
CVE-2019-11923

7.5HIGH

Key Information:

Vendor: Facebook
Status: Mcrouter
Vendor: CVE Published:; 4 December 2019

🔔 Create Facebook Vulnerability Alert

What is CVE-2019-11923?

A buffer overflow vulnerability exists in Mcrouter versions before v0.41.0 due to the deprecated ASCII parser allowing user-specified buffer allocation without a maximum limit. This can result in resource exhaustion, potentially causing a denial of service. Users are encouraged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Mcrouter 0.41.0

Mcrouter < 0.41.0

References

https://www.facebook.com/security/advisories/cve-2019-11923

x_refsource_CONFIRM

https://github.com/facebook/mcrouter/releases/tag/v0.41.0...

x_refsource_MISC

https://github.com/facebook/mcrouter/commit/98ce6624cd256...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2019
Vulnerability Reserved
May 13, 2019

.