Vulnerability Details CVE-2016-8705
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://rhn.redhat.com/errata/RHSA-2016-2820.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0220/
- https://access.redhat.com/errata/RHSA-2017:0059
- https://security.gentoo.org/glsa/201701-12
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://rhn.redhat.com/errata/RHSA-2016-2820.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0220/
- https://access.redhat.com/errata/RHSA-2017:0059
- https://security.gentoo.org/glsa/201701-12
Products affected by CVE-2016-8705
-
cpe:2.3:a:memcached:memcached:1.2.7
-
cpe:2.3:a:memcached:memcached:1.2.8
-
cpe:2.3:a:memcached:memcached:1.4.0
-
cpe:2.3:a:memcached:memcached:1.4.1
-
cpe:2.3:a:memcached:memcached:1.4.10
-
cpe:2.3:a:memcached:memcached:1.4.11
-
cpe:2.3:a:memcached:memcached:1.4.12
-
cpe:2.3:a:memcached:memcached:1.4.13
-
cpe:2.3:a:memcached:memcached:1.4.14
-
cpe:2.3:a:memcached:memcached:1.4.15
-
cpe:2.3:a:memcached:memcached:1.4.16
-
cpe:2.3:a:memcached:memcached:1.4.17
-
cpe:2.3:a:memcached:memcached:1.4.18
-
cpe:2.3:a:memcached:memcached:1.4.19
-
cpe:2.3:a:memcached:memcached:1.4.2
-
cpe:2.3:a:memcached:memcached:1.4.20
-
cpe:2.3:a:memcached:memcached:1.4.21
-
cpe:2.3:a:memcached:memcached:1.4.22
-
cpe:2.3:a:memcached:memcached:1.4.23
-
cpe:2.3:a:memcached:memcached:1.4.24
-
cpe:2.3:a:memcached:memcached:1.4.25
-
cpe:2.3:a:memcached:memcached:1.4.26
-
cpe:2.3:a:memcached:memcached:1.4.27
-
cpe:2.3:a:memcached:memcached:1.4.28
-
cpe:2.3:a:memcached:memcached:1.4.29
-
cpe:2.3:a:memcached:memcached:1.4.3
-
cpe:2.3:a:memcached:memcached:1.4.30
-
cpe:2.3:a:memcached:memcached:1.4.31
-
cpe:2.3:a:memcached:memcached:1.4.4
-
cpe:2.3:a:memcached:memcached:1.4.5
-
cpe:2.3:a:memcached:memcached:1.4.6
-
cpe:2.3:a:memcached:memcached:1.4.7
-
cpe:2.3:a:memcached:memcached:1.4.8
-
cpe:2.3:a:memcached:memcached:1.4.9