vulnerability

Oracle Linux: CVE-2016-8706: ELSA-2016-2819: memcached security update (IMPORTANT) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Oct 31, 2016
Added
Nov 23, 2016
Modified
Nov 29, 2024

Description

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

Solution(s)

oracle-linux-upgrade-memcachedoracle-linux-upgrade-memcached-devel
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.