CVE-2016-8706
CVSS 3.1: 8.1 (HIGH)
EPSS: 73.7%
Description
An integer overflow in the process_bin_sasl_auth function in Memcached, which handles authentication commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
How to fix CVE-2016-8706
To remediate CVE-2016-8706, upgrade the affected package to one of the fixed versions listed below.
- Alpine/memcached—upgrade to 1.4.33-r0 or later
- Debian/memcached—upgrade to 1.4.33-1 or later
Is CVE-2016-8706 being exploited?
Likely — EPSS is 73.7%, placing CVE-2016-8706 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Alpine/memcached: from 0, < 1.4.33-r0
- Debian/memcached: from 0, < 1.4.33-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |