An issue exists in Varnish HTTP Cache 4.0.1 up to and including 4.0.4, 4.1.0 up to and including 4.1.7, 5.0.0, and 5.1.0 up to and including 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
varnish-cache varnish 4.0.3 |
||
varnish-cache varnish 4.0.2 |
||
varnish cache project varnish cache 4.0.1 |
||
varnish cache project varnish cache 4.0.4 |
||
varnish cache project varnish cache 4.0.3 |
||
varnish cache project varnish cache 4.0.2 |
||
varnish-cache varnish 4.1.0 |
||
varnish-software varnish cache 4.1.0 |
||
varnish-software varnish cache 4.1.2 |
||
varnish-software varnish cache 4.1.1 |
||
varnish-software varnish cache 4.1.4 |
||
varnish-software varnish cache 4.1.3 |
||
varnish-software varnish cache 4.1.5 |
||
varnish-software varnish cache 4.1.6 |
||
varnish-software varnish cache 4.1.7 |
||
varnish cache project varnish cache 5.1.0 |
||
varnish cache project varnish cache 5.0.0 |
||
varnish cache project varnish cache 5.1.1 |
||
varnish cache project varnish cache 5.1.2 |
Vulmon