CVE-2016-8704
CRITICALMemcached < 1.4.31 - Remote Code Execution via Integer Overflow in process_bin_append_prepend
Title source: manualDescription
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-12
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3704
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2819.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94083
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2820.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0059
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037333
Exploit, Technical Description, Third Party Advisory, VDB Entry x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0219/
Scores
CVSS v3
9.8
EPSS
0.2317
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
memcached/memcached
< 1.4.31
Memcached/Memcached
1.4.31
Published
Jan 06, 2017
Tracked Since
Feb 18, 2026