CVE-2016-8704
Description
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
18.304
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| high-performance memory object caching system (USN-3120-1) memcached_1.4.13-0ubuntu2.2_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.13-0ubuntu2.2_amd64.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.14-0ubuntu9.1_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.14-0ubuntu9.1_amd64.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.25-2ubuntu1.2_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.25-2ubuntu1.2_amd64.deb | Linux |
| Memcached 1.4.25-2ubuntu2.1 for Ubuntu 16.10 (x64) memcached_1.4.25-2ubuntu2.1_amd64.deb | Linux |
| Memcached 1.4.25-2ubuntu2.1 for Ubuntu 16.10 memcached_1.4.25-2ubuntu2.1_i386.deb | Linux |
| memcached security update(DSA-3704-1) memcached_1.4.21-1.1+deb8u1_amd64.deb | Linux |
| memcached security update(DSA-3704-1) memcached_1.4.21-1.1+deb8u1_kfreebsd-i386.deb | Linux |
| memcached security update(DSA-3704-1) memcached_1.4.21-1.1+deb8u1_kfreebsd-amd64.deb | Linux |
| (RHSA-2016:2820) Important: memcached security update memcached-1.4.4-3.el6_8.1.i686.rpm | Linux |
| (RHSA-2016:2820) Important: memcached security update memcached-1.4.4-3.el6_8.1.x86_64.rpm | Linux |
| (RHSA-2016:2820) Important: memcached security update memcached-devel-1.4.4-3.el6_8.1.i686.rpm | Linux |
| (RHSA-2016:2820) Important: memcached security update memcached-devel-1.4.4-3.el6_8.1.x86_64.rpm | Linux |
| Memcached update (ELSA-2016-2819) memcached-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| Memcached-devel update (ELSA-2016-2819) memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| Memcached-devel update (ELSA-2016-2819) memcached-devel-1.4.15-10.el7_3.1.i686.rpm | Linux |
| (CESA-2016:2819) Important: memcached security update memcached-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234