CVE-2016-8706

Published: 06/01/2017 Updated: 19/04/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An integer overflow in the process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.

Vulnerable Product

memcached memcached

Vendor Advisories

Synopsis: Important: memcached security update. Type/Severity: Security Advisory: Important. Topic: An update for memcached is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Memcached could be made to crash or run programs if it received specially crafted network traffic ...
Debian Bug report logs - #842811 memcached: CVE-2016-8704. Package: src:memcached; Maintainer for src:memcached is Guillaume Delacour <gui@iroqwa.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 Nov 2016 13:03:01 UTC; Severity: grave; Tags: security, upstream; Found in versions memcached/1421- ...
Debian Bug report logs - #842814 memcached: CVE-2016-8706. Package: src:memcached; Maintainer for src:memcached is Guillaume Delacour <gui@iroqwa.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 Nov 2016 13:09:23 UTC; Severity: grave; Tags: security, upstream; Found in versions memcached/1421- ...
Debian Bug report logs - #842812 memcached: CVE-2016-8705. Package: src:memcached; Maintainer for src:memcached is Guillaume Delacour <gui@iroqwa.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 Nov 2016 13:09:02 UTC; Severity: grave; Tags: security, upstream; Found in versions memcached/1431- ...
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code (CVE-2016-8704, CVE-2016-8705). An integer overflow flaw, leading to a heap-based buffer overflow, ...
An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code ...
An integer overflow in process_bin_sasl_auth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution ...

Recent Articles

Multiple RCE flaws found in Memcached web speed tool
The Register • Darren Pauli • 02 Nov 2016

Facebook, Twitter, YouTube, Reddit among big ticket sites possibly affected

A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens and increase performance. Nikolich says the flaws can compromise the many sites that expose Memcache servers to the internet. He says attackers can further use the vulnerabi...