vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x prior to 4.1.9 and 5.x prior to 5.2.1 allows remote malicious users to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
varnish-cache varnish |
||
varnish cache project varnish cache |
||
debian debian linux 9.0 |