Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8706: Integer Overflow or Wraparound in Memcached

Severity: 8.1 HIGH (NVD)
EPSS: 51.8% (top 2.09%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 6
Latest update: May 13

Description

An integer overflow in the process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (4 packages)

debian: debian/memcached < memcached 1.4.33-1 (bookworm)
Debian: memcached/memcached < 1.4.33-1+3
CVEListV5: memcached/memcached 1.4.31

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-xj8f-h9rc-62vh: An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can...
OSV (2017-01-06): CVE-2016-8706: An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can...

💥 Exploits & PoCs (1)

Nuclei: Memcached Server SASL Authentication - Remote Code Execution

📋 Vendor Advisories (3)

Ubuntu (2016-11-02): Memcached vulnerabilities
Red Hat (2016-10-31): memcached: SASL authentication remote code execution
Debian (2016): CVE-2016-8706: memcached - An integer overflow in process_bin_sasl_auth function in Memcached, which is res...

🕵️ Threat Intelligence (1)

Talos (2017-07-17): Memcached - A Story of Failed Patching & Vulnerable Servers

💬 Community (3)

Bugzilla (2016-11-01): CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 memcached: various flaws [fedora-all]
Bugzilla (2016-11-01): CVE-2016-8706 memcached: SASL authentication remote code execution
Bugzilla (2016-11-01): CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 memcached: various flaws [epel-5]