CVE-2016-8705
memcached: Server update remote code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Múltiples desbordamientos de entero en la función process_bin_update en Memcached, que es responsable de procesar múltiples comandos de protocolo binario Memcached, puede ser abusado para provocar desbordamiento en la memoria dinámica y conducir a la ejecución remota de código.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-17 CVE Reserved
- 2016-11-02 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94083 | Vdb Entry | |
http://www.securitytracker.com/id/1037333 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0220 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-2819.html | 2022-04-19 | |
http://rhn.redhat.com/errata/RHSA-2016-2820.html | 2022-04-19 | |
http://www.debian.org/security/2016/dsa-3704 | 2022-04-19 | |
https://access.redhat.com/errata/RHSA-2017:0059 | 2022-04-19 | |
https://security.gentoo.org/glsa/201701-12 | 2022-04-19 | |
https://access.redhat.com/security/cve/CVE-2016-8705 | 2017-01-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1390511 | 2017-01-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Memcached Search vendor "Memcached" | Memcached Search vendor "Memcached" for product "Memcached" | <= 1.4.31 Search vendor "Memcached" for product "Memcached" and version " <= 1.4.31" | - |
Affected
|