CVE-2016-8706
Description
An integer overflow in the process_bin_sasl_auth function in Memcached, which handles the authentication commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
68.629
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| high-performance memory object caching system (USN-3120-1) memcached_1.4.13-0ubuntu2.2_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.13-0ubuntu2.2_amd64.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.14-0ubuntu9.1_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.14-0ubuntu9.1_amd64.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.25-2ubuntu1.2_i386.deb | Linux |
| high-performance memory object caching system (USN-3120-1) memcached_1.4.25-2ubuntu1.2_amd64.deb | Linux |
| Memcached 1.4.25-2ubuntu2.1 for Ubuntu 16.10 (x64) memcached_1.4.25-2ubuntu2.1_amd64.deb | Linux |
| Memcached 1.4.25-2ubuntu2.1 for Ubuntu 16.10 memcached_1.4.25-2ubuntu2.1_i386.deb | Linux |
| memcached security update (DSA-3704-1) memcached_1.4.21-1.1+deb8u1_amd64.deb | Linux |
| memcached security update (DSA-3704-1) memcached_1.4.21-1.1+deb8u1_kfreebsd-i386.deb | Linux |
| memcached security update (DSA-3704-1) memcached_1.4.21-1.1+deb8u1_kfreebsd-amd64.deb | Linux |
| (RHSA-2016:2819) Important: memcached security update memcached-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| (RHSA-2016:2819) Important: memcached security update memcached-devel-1.4.15-10.el7_3.1.i686.rpm | Linux |
| (RHSA-2016:2819) Important: memcached security update memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| Memcached update (ELSA-2016-2819) memcached-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| Memcached-devel update (ELSA-2016-2819) memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| Memcached-devel update (ELSA-2016-2819) memcached-devel-1.4.15-10.el7_3.1.i686.rpm | Linux |
| (CESA-2016:2819) Important: memcached security update memcached-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
| (RHSA-2016:2819) Important: security update memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm | Linux |
| (RHSA-2016:2819) Important: security update memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234