A heap-based buffer overflow has been identified in memcached shipped with SmartCloud Entry.
CVEID: CVE-2016-8704**
DESCRIPTION:** Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_append_prepend function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118447 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8705**
DESCRIPTION:** Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the process_bin_update function. By using a specially-crafted command, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 23,
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 23
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance Fixpack 24:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP24&source=SAR
SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance Fixpack 24:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP24&source=SAR&function=fixId&parent=ibm/Other%20software
None.