CVE-2016-8704

9.8 CRITICAL

Published: January 06, 2017 Modified: May 06, 2026

Description

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2819.html

Source: talos-cna@cisco.com

http://rhn.redhat.com/errata/RHSA-2016-2820.html

Source: talos-cna@cisco.com

http://www.debian.org/security/2016/dsa-3704

Source: talos-cna@cisco.com

http://www.securityfocus.com/bid/94083

Source: talos-cna@cisco.com

http://www.securitytracker.com/id/1037333

Source: talos-cna@cisco.com

http://www.talosintelligence.com/reports/TALOS-2016-0219/

Source: talos-cna@cisco.com

Exploit Technical Description Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2017:0059

Source: talos-cna@cisco.com

https://security.gentoo.org/glsa/201701-12

Source: talos-cna@cisco.com

http://rhn.redhat.com/errata/RHSA-2016-2819.html