Vulnerability Description
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVSS Score
8.1
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Memcached | Memcached | <= 1.4.31 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0221/ExploitTechnical DescriptionThird Party Advisory
- https://security.gentoo.org/glsa/201701-12
- http://rhn.redhat.com/errata/RHSA-2016-2819.html
- http://www.debian.org/security/2016/dsa-3704
- http://www.securityfocus.com/bid/94083
- http://www.securitytracker.com/id/1037333
- http://www.talosintelligence.com/reports/TALOS-2016-0221/ExploitTechnical DescriptionThird Party Advisory
- https://security.gentoo.org/glsa/201701-12
FAQ
What is CVE-2016-8706?
CVE-2016-8706 is a vulnerability with a CVSS score of 8.1 (HIGH). An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remo...
How severe is CVE-2016-8706?
CVE-2016-8706 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8706?
Check the references section above for vendor advisories and patch information. Affected products include: Memcached Memcached.