Vulnerability Details CVE-2016-8704
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.473
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://rhn.redhat.com/errata/RHSA-2016-2820.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0219/
- https://access.redhat.com/errata/RHSA-2017:0059
- https://security.gentoo.org/glsa/201701-12
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://rhn.redhat.com/errata/RHSA-2016-2820.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0219/
- https://access.redhat.com/errata/RHSA-2017:0059
- https://security.gentoo.org/glsa/201701-12
Products affected by CVE-2016-8704
-
cpe:2.3:a:memcached:memcached:1.2.7
-
cpe:2.3:a:memcached:memcached:1.2.8
-
cpe:2.3:a:memcached:memcached:1.4.0
-
cpe:2.3:a:memcached:memcached:1.4.1
-
cpe:2.3:a:memcached:memcached:1.4.10
-
cpe:2.3:a:memcached:memcached:1.4.11
-
cpe:2.3:a:memcached:memcached:1.4.12
-
cpe:2.3:a:memcached:memcached:1.4.13
-
cpe:2.3:a:memcached:memcached:1.4.14
-
cpe:2.3:a:memcached:memcached:1.4.15
-
cpe:2.3:a:memcached:memcached:1.4.16
-
cpe:2.3:a:memcached:memcached:1.4.17
-
cpe:2.3:a:memcached:memcached:1.4.18
-
cpe:2.3:a:memcached:memcached:1.4.19
-
cpe:2.3:a:memcached:memcached:1.4.2
-
cpe:2.3:a:memcached:memcached:1.4.20
-
cpe:2.3:a:memcached:memcached:1.4.21
-
cpe:2.3:a:memcached:memcached:1.4.22
-
cpe:2.3:a:memcached:memcached:1.4.23
-
cpe:2.3:a:memcached:memcached:1.4.24
-
cpe:2.3:a:memcached:memcached:1.4.25
-
cpe:2.3:a:memcached:memcached:1.4.26
-
cpe:2.3:a:memcached:memcached:1.4.27
-
cpe:2.3:a:memcached:memcached:1.4.28
-
cpe:2.3:a:memcached:memcached:1.4.29
-
cpe:2.3:a:memcached:memcached:1.4.3
-
cpe:2.3:a:memcached:memcached:1.4.30
-
cpe:2.3:a:memcached:memcached:1.4.31
-
cpe:2.3:a:memcached:memcached:1.4.4
-
cpe:2.3:a:memcached:memcached:1.4.5
-
cpe:2.3:a:memcached:memcached:1.4.6
-
cpe:2.3:a:memcached:memcached:1.4.7
-
cpe:2.3:a:memcached:memcached:1.4.8
-
cpe:2.3:a:memcached:memcached:1.4.9