CVE-2013-4484 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cache Project Varnish Cache

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.6%

top 18.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Varnish-cache Varnish Varnish Cache Project Varnish Cache

Timeline

PublishedNov 1

Latest updateMay 17

Description

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianvarnish-cache/varnish< 3.0.5-1+3

▶NVDvarnish_cache_project/varnish_cache3.0.4+16

▶NVDvarnish-cache/varnish2.0.0

Patches

Patch: www.varnish-cache.org ↗Patch: www.varnish-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-p7mm-48cj-8hqw: Varnish before 3↗2022-05-17

▶

OSV

CVE-2013-4484: Varnish before 3↗2013-11-01

▶

CVEList

CVE-2013-4484: Varnish before 3↗2013-11-01

▶

📋Vendor Advisories

Debian

CVE-2013-4484: varnish - Varnish before 3.0.5 allows remote attackers to cause a denial of service (child...↗2013

▶

💬Community

Bugzilla

CVE-2013-4484 varnish: denial of service handling certain GET requests [fedora-all]↗2013-10-31

▶

Bugzilla

CVE-2013-4484 varnish: denial of service handling certain GET requests [epel-all]↗2013-10-31

▶

Bugzilla

CVE-2013-4484 varnish: denial of service handling certain GET requests↗2013-10-31

▶