CVE-2016-8704
Published: 2 November 2016
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Priority
Status
Package | Release | Status |
---|---|---|
memcached (Launchpad, Ubuntu, Debian) | precise | Released (1.4.13-0ubuntu2.2) |
memcached | trusty | Released (1.4.14-0ubuntu9.1) |
memcached | upstream | Released (1.4.33) |
memcached | xenial | Released (1.4.25-2ubuntu1.2) |
memcached | yakkety | Released (1.4.25-2ubuntu2.1) |

Patches: upstream: https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |