Lucene search

TalosCVE-2016-8705

HistoryJan 06, 2017 - 9:59 p.m.

CVE-2016-8705

2017-01-0621:59:01

CWE-190

talos

web.nvd.nist.gov

140

cve-2016-8705

integer overflow

process_bin_update

memcached

heap overflow

remote code execution

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.867

Percentile

98.6%

JSON

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

Affected configurations

Nvd

Vulners

Node

memcachedmemcachedRange≤1.4.31

VendorProductVersionCPE
memcachedmemcached*cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
memcached	memcached	*	cpe:2.3:a:memcached:memcached::::::::

CNA Affected

[
  {
    "product": "Memcached",
    "vendor": "Memcached",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.31"
      }
    ]
  }
]