CVE-2016-8704 in Ubuntu

CVE-2016-8704

Priority

High

Description

An integer overflow in the process_bin_append_prepend function in
Memcached, which is responsible for processing multiple commands of
Memcached binary protocol, can be abused to cause heap overflow and lead to
remote code execution.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
http://www.talosintelligence.com/reports/TALOS-2016-0219/
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
https://github.com/memcached/memcached/wiki/ReleaseNotes1433
https://usn.ubuntu.com/usn/usn-3120-1

Assigned-to

mdeslaur

Package

Source: memcached (LP Ubuntu Debian)

Upstream:	released (1.4.33)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.4.14-0ubuntu9.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1.4.25-2ubuntu1.2)
Ubuntu 17.04 (Zesty Zapus):	released (1.4.25-2ubuntu3)

Patches:

Upstream:

https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:35:27 UTC (commit 13913)