CVE-2016-8705 — Integer Overflow or Wraparound in Memcached
Severity
9.8 CRITICAL (NVD)
NVD 7.5
EPSS
12.6%
top 6.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 6
Latest update: May 13
Description
Multiple integer overflows in the process_bin_update function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 3 packages
Vulnerability Details (4)
GHSA
GHSA-52x7-vqgq-5mww: Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary prot (2022-05-13)
OSV
CVE-2016-8705: Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary prot (2017-01-06)
Vendor Advisories (5)
Red Hat
memcached: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (2017-07-17)
Debian
CVE-2017-9951: memcached - The try_read_command function in memcached.c in memcached before 1.4.39 allows r... (2017)
Debian
CVE-2016-8705: memcached - Multiple integer overflows in process_bin_update function in Memcached, which is... (2016)