Memcached integer overflow CVE-2016-8704

December 9, 2016

Memcached is a Free & open source, high-performance, distributed memory object caching system.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol (CVE-2016-8704). An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. An integer overflow can be triggered by issuing a command that appends or prepends data to an existing key-value pair.

SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 12508: Memcached process_bin_append_prepend Integer Overflow