CVE-2016-8704 — Integer Overflow or Wraparound in Memcached

CWE-190 — Integer Overflow or Wraparound11 documents9 sources

Severity

9.8CRITICALNVD

EPSS

14.3%

top 5.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached

Timeline

PublishedJan 6

Latest updateMay 13

Description

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/memcached< memcached 1.4.33-1 (bookworm)

▶Debianmemcached/memcached< 1.4.33-1+3

▶NVDmemcached/memcached1.4.31

▶CVEListV5memcached/memcached1.4.31

🔴Vulnerability Details

GHSA

GHSA-5hm6-wpg3-fv45: An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary↗2022-05-13

▶

OSV

CVE-2016-8704: An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary↗2017-01-06

▶

📋Vendor Advisories

Ubuntu

Memcached vulnerabilities↗2016-11-02

▶

Red Hat

memcached: Server append/prepend remote code execution↗2016-10-31

▶

Debian

CVE-2016-8704: memcached - An integer overflow in the process_bin_append_prepend function in Memcached, whi...↗2016

▶

🕵️Threat Intelligence

Talos

Memcached - A Story of Failed Patching & Vulnerable Servers↗2017-07-17

▶

💬Community

Bugzilla

CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 memcached: various flaws [fedora-all]↗2016-11-01

▶

Bugzilla

CVE-2016-8704 memcached: Server append/prepend remote code execution↗2016-11-01

▶

Bugzilla

CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 memcached: various flaws [epel-5]↗2016-11-01

▶