Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-28543

Published: 16/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Varnish-cache

Vulnerability Summary

Varnish varnish-modules prior to 0.17.1 allows remote malicious users to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

varnish-cache varnish-modules

varnish-cache varnish-modules klarlack

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2021-28543
Debian Bug report logs - #985947 CVE-2021-28543 Package: varnish-modules; Maintainer for varnish-modules is Varnish Package Maintainers <team+varnish-team@trackerdebianorg>; Source for varnish-modules is src:varnish-modules (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 26 Mar 202 ...
Red Hat: CVE-2021-28543
No description is available for this CVE ...

References

CWE-476CWE-617https://varnish-cache.org/security/VSV00006.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985947https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-28543
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook