Shamger

**Name of the Vulnerable Software and Affected Versions** Varnish HTTP Cache versions 4.1.x through 4.1.8 Varnish HTTP Cache versions 5.x through 5.2.0 **Description** The issue allows remote attackers to obtain sensitive information from process memory due to a VFP GetStorage buffer being larger than intended in certain circumstances involving -sfile Stevedore transient objects. This occurs because of an error in the `vbf stp error` function in `bin/varnishd/cache/cache fetch.c`. **Recommendations** For Varnish HTTP Cache versions 4.1.x through 4.1.8, update to version 4.1.9 or later. For Varnish HTTP Cache versions 5.x through 5.2.0, update to version 5.2.1 or later.