PT-2017-18542 · Varnish+1 · Varnish Http Cache+1

Carlo Cannas +1 · Published 2017-11-15 · Updated 2022-08-02 · CVE-2017-8807

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Varnish HTTP Cache versions 4.1.x through 4.1.8
Varnish HTTP Cache versions 5.x through 5.2.0

Description

The issue allows remote attackers to obtain sensitive information from process memory due to a VFP_GetStorage buffer being larger than intended in certain circumstances involving -sfile Stevedore transient objects. This occurs because of an error in the vbf_stp_error function in bin/varnishd/cache/cache_fetch.c.

Recommendations

For Varnish HTTP Cache versions 4.1.x through 4.1.8, update to version 4.1.9 or later.
For Varnish HTTP Cache versions 5.x through 5.2.0, update to version 5.2.1 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-8807
DSA-4034-1
MGASA-2017-0435
USN-4824-1

Affected Products

Ubuntu
Varnish Http Cache