CVE-2016-8705
published 2017-01-06


Priority P264 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 19.85% (97.1th percentile)
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | memcached | < memcached 1.4.33-1 (bookworm) | memcached 1.4.33-1 (bookworm) |
| debian | memcached | < memcached 1.5.0-1 (bookworm) | memcached 1.5.0-1 (bookworm) |
| memcached | memcached | <= 1.4.31 | |
| memcached | memcached | <= 1.4.38 | |
| memcached | memcached | >= 0 < 1.4.33-1 | 1.4.33-1 |
| memcached | memcached | >= 0 < 1.5.0-1 | 1.5.0-1 |
| memcached | memcached | >= 0 < 1.4.33-1 | 1.4.33-1 |
| memcached | memcached | >= 0 < 1.5.0-1 | 1.5.0-1 |
| memcached | memcached | >= 0 < 1.4.33-1 | 1.4.33-1 |
| memcached | memcached | >= 0 < 1.5.0-1 | 1.5.0-1 |
| memcached | memcached | >= 0 < 1.4.33-1 | 1.4.33-1 |
| memcached | memcached | >= 0 < 1.5.0-1 | 1.5.0-1 |

Detection & IOCs

  • The vulnerability exists in the memcached binary protocol handler (process_bin_update function). Monitor for binary protocol traffic to memcached ports, especially malformed or oversized update commands that could trigger integer overflow.
  • Upstream patch available at the referenced GitHub commit; use it to identify patched vs. unpatched binaries in your environment.
  • Talos intelligence report TALOS-2016-0220 contains additional technical details that may support signature development.
  • The flaw is specific to the memcached binary protocol. Disabling the binary protocol by adding '-B ascii' to OPTIONS in /etc/sysconfig/memcached mitigates the vulnerability if clients only use the ASCII protocol.
  • CVE-2017-9951 is an incomplete fix for CVE-2016-8705; environments patched only to memcached < 1.4.39 remain vulnerable to the follow-on heap-based buffer over-read via add/set key requests in the binary protocol.

CVSS provenance

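| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |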