CVE-2016-8704

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-8704
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8704.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-8704
Downstream
Related
Published
2017-01-06T21:59:01.790Z
Modified
2026-04-11T17:12:48.199545Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An integer overflow in the processbinappend_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

References

Affected packages

Git / github.com/memcached/memcached

Affected ranges

Type
GIT
Repo
https://github.com/memcached/memcached
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c00dbc3927af71afb8c46c7416bd53a92fecfdb2
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.31"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.2
1.3.3
1.4-rc1
1.4.0
1.4.0-rc1
1.4.1
1.4.1-rc1
1.4.10
1.4.11
1.4.11-beta1
1.4.11-rc1
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.2-rc1
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.3-rc1
1.4.3-rc2
1.4.30
1.4.31
1.4.4
1.4.5
1.4.6
1.4.6-rc1
1.4.7
1.4.7-rc1
1.4.8
1.4.8-rc1
1.4.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8704.json"