CVE-2016-8704
memcached - security update
CVSS 3.1: 9.8 (CRITICAL)
EPSS: 7.8%
Description
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
How to fix CVE-2016-8704
To remediate CVE-2016-8704, upgrade the affected package to one of the fixed versions listed below.
- Alpine/memcached—upgrade to 1.4.33-r0 or later
- —upgrade to 1.4.33-1 or later
- —upgrade to 1.4.21-1.1+deb8u1 or later
Is CVE-2016-8704 being exploited?
Moderate — EPSS is 7.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1.4.33-r0
- from 0, < 1.4.33-1
- from 0, < 1.4.21-1.1+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |