CVE-2016-8706

HIGH NUCLEI

Memcached - RCE

Title source: llm

Description

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

Nuclei Templates (1)

Memcached Server SASL Authentication - Remote Code Execution

HIGHby pussycat0x

References (6)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2819.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037333

[Exploit, Technical Description, Third Party Advisory, VDB Entry] http://www.talosintelligence.com/reports/TALOS-2016-0221/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94083

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3704

[Third Party Advisory] https://security.gentoo.org/glsa/201701-12

Scores

CVSS v3 8.1

EPSS 0.5179

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (2)

memcached/memcached < 1.4.31

Memcached/Memcached 1.4.31

Published Jan 06, 2017

Tracked Since Feb 18, 2026