MidnightBSD

Advisories for varnish-cache

CVE-2013-4484 MEDIUM

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache 2.0.5
varnish_cache_project varnish_cache 2.1.5
varnish_cache_project varnish_cache *
varnish_cache_project varnish_cache 2.0.2
varnish_cache_project varnish_cache 3.0.1
varnish_cache_project varnish_cache 2.1.2
varnish_cache_project varnish_cache 2.1.1
varnish_cache_project varnish_cache 2.1.4
varnish_cache_project varnish_cache 2.1.0
varnish_cache_project varnish_cache 3.0.0
varnish_cache_project varnish_cache 2.0.4
varnish_cache_project varnish_cache 2.0.1
varnish_cache_project varnish_cache 2.0.3
varnish-cache varnish 2.0.0
varnish_cache_project varnish_cache 3.0.2
varnish_cache_project varnish_cache 2.1.3
varnish_cache_project varnish_cache 3.0.3
varnish_cache_project varnish_cache 2.0.6
CVE-2017-12425 MEDIUM

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
varnish-software varnish_cache 4.1.5
varnish_cache_project varnish_cache 5.1.0
varnish-software varnish_cache 4.1.7
varnish_cache_project varnish_cache 5.1.1
varnish-software varnish_cache 4.1.1
varnish_cache_project varnish_cache 4.0.3
varnish_cache_project varnish_cache 4.0.1
varnish_cache_project varnish_cache 5.1.2
varnish_cache_project varnish_cache 4.0.2
varnish-software varnish_cache 4.1.2
varnish-software varnish_cache 4.1.4
varnish_cache_project varnish_cache 4.0.4
varnish_cache_project varnish_cache 5.0.0
varnish-software varnish_cache 4.1.6
varnish-software varnish_cache 4.1.0
varnish-cache varnish 4.0.3
varnish-software varnish_cache 4.1.3
varnish-cache varnish 4.0.2
varnish-cache varnish 4.1.0
CVE-2017-8807 MEDIUM

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
varnish-cache varnish *
varnish_cache_project varnish_cache *
debian debian_linux 9.0
CVE-2019-20637 MEDIUM

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-212,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
varnish-cache varnish_cache *
varnish-software varnish_cache *
opensuse leap 15.1
CVE-2020-11653 MEDIUM

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 10.0
opensuse backports_sle 15.0
varnish-cache varnish_cache *
varnish-software varnish_cache *
opensuse leap 15.1
CVE-2021-28543 MEDIUM

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L 2.2 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-617,

Products Affected

Vendor Product Version
varnish-cache varnish-modules *
varnish-cache varnish-modules_klarlack *
fedoraproject fedora 34
CVE-2021-36740 MEDIUM

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
varnish-cache varnish_cache 6.0.8
varnish-cache varnish_cache *
varnish_cache_project varnish_cache *
varnish-software varnish_cache *
fedoraproject fedora 34
debian debian_linux 11.0
fedoraproject fedora 33