CVE-2020-22570: 
Memcached vulnerability analysis and mitigation

Memcached versions 1.6.0 before 1.6.3 contains a vulnerability that allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command (NVD, CVE). The vulnerability was discovered and reported on March 27, 2020.

The vulnerability stems from a NULL pointer reference bug in the memcached.c file. Specifically, in the processmgetcommand function, there is a local variable 'errstr' defined as a char which is not properly initialized. When the metaflag_preparse function is called with 'errstr' as the 4th parameter, under certain conditions with commands 'F' or 'S', errstr remains uninitialized, leading to a NULL pointer dereference when accessing outerrstring->outstring->strlen (GitHub Issue).

When successfully exploited, this vulnerability allows remote attackers to cause a denial of service condition by crashing the memcached daemon. This can result in service disruption for applications relying on the affected memcached instances (NVD).

The vulnerability has been fixed in Memcached version 1.6.3. Users running affected versions (1.6.0 to 1.6.2) should upgrade to version 1.6.3 or later to mitigate this security issue (Debian Security).