NVD Vulnerability Detail

CVE-2016-8704

Summary	An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Publication Date	Jan. 7, 2017, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:19 p.m.
Last Update	Nov. 21, 2024, 11:59 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:memcached:memcached::::::::			1.4.31

Related information, measures and tools

No	URL	タグ
1	http://rhn.redhat.com/errata/RHSA-2016-2819.html
2	http://rhn.redhat.com/errata/RHSA-2016-2819.html
3	http://rhn.redhat.com/errata/RHSA-2016-2820.html
4	http://rhn.redhat.com/errata/RHSA-2016-2820.html
5	http://www.debian.org/security/2016/dsa-3704
6	http://www.debian.org/security/2016/dsa-3704
7	http://www.securityfocus.com/bid/94083
8	http://www.securityfocus.com/bid/94083
9	http://www.securitytracker.com/id/1037333
10	http://www.securitytracker.com/id/1037333
11	http://www.talosintelligence.com/reports/TALOS-2016-0219/	Exploit Technical Description Third Party Advisory VDB Entry
12	http://www.talosintelligence.com/reports/TALOS-2016-0219/	Exploit Technical Description Third Party Advisory VDB Entry
13	https://access.redhat.com/errata/RHSA-2017:0059
14	https://access.redhat.com/errata/RHSA-2017:0059
15	https://security.gentoo.org/glsa/201701-12
16	https://security.gentoo.org/glsa/201701-12

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

JVN Vulnerability Information

Memcached の process_bin_append_prepend 関数における整数オーバーフローの脆弱性

Title	Memcached の process_bin_append_prepend 関数における整数オーバーフローの脆弱性
Summary	Memcached の process_bin_append_prepend 関数には、整数オーバーフローの脆弱性が存在します。
Possible impacts	Memcached のバイナリプロトコルの複数のコマンドを処理されることで、ヒープオーバーフローを引き起こされ、その結果、リモートでコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 31, 2016, midnight
Registration Date	Jan. 18, 2017, 2:59 p.m.
Last Update	Jan. 18, 2017, 2:59 p.m.

Affected System

Memcached

Memcached 1.4.31

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-8704	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
National Vulnerability Database (NVD)
2	CVE-2016-8704	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8704

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html

ベンダー情報

No	Name	URL
Memcached
1	Top Page	http://memcached.org/
Red Hat Security Advisory
2	RHSA-2016:2819	http://rhn.redhat.com/errata/RHSA-2016-2819.html
3	RHSA-2016:2820	http://rhn.redhat.com/errata/RHSA-2016-2820.html
Talos Vulnerability Report
4	TALOS-2016-0219	http://www.talosintelligence.com/reports/TALOS-2016-0219/

Change Log

No	Changed Details	Date of change
0	[2017年01月18日] 掲載	Feb. 17, 2018, 10:37 a.m.