[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-8704Date: (C)2017-01-11   (M)2023-12-22


An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1037333
BID-94083
DSA-3704
GLSA-201701-12
RHSA-2016:2819
RHSA-2016:2820
RHSA-2017:0059
http://www.talosintelligence.com/reports/TALOS-2016-0219/

CPE    1
cpe:/a:memcached:memcached
CWE    1
CWE-190
OVAL    16
oval:org.secpod.oval:def:1800078
oval:org.secpod.oval:def:204162
oval:org.secpod.oval:def:2100687
oval:org.secpod.oval:def:111609
...

© SecPod Technologies