Critical severity9.8NVD Advisory· Published Jan 6, 2017· Updated May 6, 2026

CVE-2016-8704

Description

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

Affected products

Memcached/Memcached2 versions
cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*range: <=1.4.31
- (no CPE)range: 1.4.31

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.talosintelligence.com/reports/TALOS-2016-0219/nvdExploitTechnical DescriptionThird Party AdvisoryVDB Entry
rhn.redhat.com/errata/RHSA-2016-2819.htmlnvd
rhn.redhat.com/errata/RHSA-2016-2820.htmlnvd
www.debian.org/security/2016/dsa-3704nvd
www.securityfocus.com/bid/94083nvd
www.securitytracker.com/id/1037333nvd
access.redhat.com/errata/RHSA-2017:0059nvd
security.gentoo.org/glsa/201701-12nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000