CVE-2016-8705
9.8
CRITICAL
CVSS 3.1
EPSS 6.7%
Description
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
How to fix CVE-2016-8705
To remediate CVE-2016-8705, upgrade the affected package to a fixed version below.
- Alpine/memcached—upgrade to 1.4.33-r0 or later
- Debian/memcached—upgrade to 1.4.33-1 or later
Is CVE-2016-8705 being exploited?
Moderate — EPSS is 6.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.4.33-r0
- from 0, < 1.4.33-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |