An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

CPENameOperatorVersion
memcachedle1.4.31

CPE	Name	Operator	Version
	memcached	le	1.4.31

References

rhn.redhat.com/errata/RHSA-2016-2819.html

www.debian.org/security/2016/dsa-3704

www.securityfocus.com/bid/94083

www.securitytracker.com/id/1037333

www.talosintelligence.com/reports/TALOS-2016-0221/

security.gentoo.org/glsa/201701-12

cvelist 1

ubuntucve 1

veracode 1

alpinelinux 1

talos 1

checkpoint_advisories 1

cve 1

redhatcve 1

nvd 1

debiancve 1

osv 3

talosblog 1

freebsd 1

openvas 13

nessus 18

fedora 3

altlinux 1

debian 3

centos 1

thn 2

packetstorm 1

amazon 1

redhat 1

mageia 1

oraclelinux 2

ibm 1

ubuntu 1

gentoo 1

archlinux 1

suse 2

cvelist

CVE-2016-8706

2017-01-06 21:00:00

ubuntucve

CVE-2016-8706

2016-11-02 00:00:00

veracode

Remote Code Execution (RCE)

2019-05-02 06:07:42

alpinelinux

CVE-2016-8706

2017-01-06 21:59:01

talos

Memcached Server SASL Autentication Remote Code Execution Vulnerability

2016-10-31 00:00:00

checkpoint_advisories

Memcached process_bin_sasl_auth Integer Underflow (CVE-2016-8706)

2016-12-08 00:00:00

cve

CVE-2016-8706

2017-01-06 21:59:01

redhatcve

CVE-2016-8706

2016-11-01 09:47:30

nvd

CVE-2016-8706

2017-01-06 21:59:01

debiancve

CVE-2016-8706

2017-01-06 21:59:01

osv

CVE-2016-8706

2017-01-06 21:59:01

memcached - security update

2016-11-03 00:00:00

memcached - security update

2016-11-05 00:00:00

talosblog

Memcached - A Story of Failed Patching & Vulnerable Servers

2017-07-17 07:35:00

freebsd

memcached -- multiple vulnerabilities

2016-10-31 00:00:00

openvas

Fedora Update for memcached FEDORA-2016-0c4e822340

2016-12-08 00:00:00

Fedora Update for memcached FEDORA-2016-4df986a71f

2016-12-02 00:00:00

Ubuntu: Security Advisory (USN-3120-1)

2016-11-08 00:00:00

nessus

Ubuntu 14.04 LTS / 16.04 LTS : Memcached vulnerabilities (USN-3120-1)

2016-11-03 00:00:00

EulerOS Virtualization for ARM 64 3.0.1.0 : memcached (EulerOS-SA-2019-1396)

2019-05-14 00:00:00

FreeBSD : memcached -- multiple vulnerabilities (f4bf713f-6ac7-4b76-8980-47bf90c5419f)

2016-11-02 00:00:00

fedora

[SECURITY] Fedora 24 Update: memcached-1.4.25-2.fc24

2016-11-14 21:02:25

[SECURITY] Fedora 25 Update: memcached-1.4.33-1.fc25

2016-12-08 03:53:46

[SECURITY] Fedora 23 Update: memcached-1.4.17-5.fc23

2016-11-14 23:52:16

altlinux

Security fix for the ALT Linux 8 package memcached version 1.4.33-alt1

2016-11-02 00:00:00

debian

[SECURITY] [DSA 3704-1] memcached security update

2016-11-03 16:24:14

[SECURITY] [DSA 3704-1] memcached security update

2016-11-03 16:24:14

[SECURITY] [DLA 701-1] memcached security update

2016-11-05 14:57:27

centos

memcached security update

2016-11-25 16:47:41

thn

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

2017-07-18 04:52:00

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

2016-11-01 23:21:00

packetstorm

Memcached 1.4.33 Proof Of Concept

2016-11-03 00:00:00

amazon

Important: memcached

2016-11-10 18:00:00

redhat

(RHSA-2016:2819) Important: memcached security update

2016-11-23 04:43:57

mageia

Updated memcached packages fix security vulnerability

2016-11-17 19:37:05

oraclelinux

memcached security update

2016-11-23 00:00:00

memcached security update

2016-11-23 00:00:00

ibm

Security Bulletin: Vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

2018-06-16 20:07:47

ubuntu

Memcached vulnerabilities

2016-11-02 00:00:00

gentoo

memcached: Multiple vulnerabilities

2017-01-02 00:00:00

archlinux

[ASA-201611-1] memcached: arbitrary code execution

2016-11-01 00:00:00

suse

Security update for memcached (important)

2018-03-26 15:09:40

Security update for memcached (important)

2018-03-22 17:27:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.5 High

AI Score

Confidence

Low

0.887 High

EPSS

Percentile

98.7%

JSON

Related for PRION:CVE-2016-8706