CVE-2016-8705
Published: 2 November 2016
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Priority
Status
Package | Release | Status |
---|---|---|
memcached Launchpad, Ubuntu, Debian |
precise |
Released
(1.4.13-0ubuntu2.2)
|
trusty |
Released
(1.4.14-0ubuntu9.1)
|
|
upstream |
Released
(1.4.33)
|
|
xenial |
Released
(1.4.25-2ubuntu1.2)
|
|
yakkety |
Released
(1.4.25-2ubuntu2.1)
|
|
Patches: upstream: https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |