CVE-2017-12425
Published 2017-08-04
Priority P337 · high · 7.5 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.42% (82.1th percentile)
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | varnish | < varnish 5.0.0-7.1 (bookworm) | varnish 5.0.0-7.1 (bookworm) |
| varnish-cache | varnish | — | — |
| varnish-cache | varnish | — | — |
| varnish-cache | varnish | — | — |
| varnish-cache | varnish | >= 0 < 5.0.0-7.1 | 5.0.0-7.1 |
| varnish-cache | varnish | >= 0 < 5.0.0-7.1 | 5.0.0-7.1 |
| varnish-cache | varnish | >= 0 < 5.0.0-7.1 | 5.0.0-7.1 |
| varnish-cache | varnish | >= 0 < 5.0.0-7.1 | 5.0.0-7.1 |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish-software | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
CVSS provenance
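| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |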
Red Hat
varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
vendor_redhat·2017-08-02·CVSS 7.5
CVE-2017-12425 [HIGH] CWE-190 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
An integer overflow flaw, leading to assertion failure, was found in the way Varnish hand
Debian
CVE-2017-12425: varnish - An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through...
vendor_debian·2017·CVSS 7.5
CVE-2017-12425 [HIGH] CVE-2017-12425: varnish - An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through...
Scope: local
bookworm: resolved (fixed in 5.0.0-7.1)
bullseye: resolved (fixed in 5.0.0-7.1)
forky: resolved (fixed in 5.0.0-7.1)
sid: resolved (fixed in 5.0.0-7.1)
trixie: resol
GHSA
GHSA-jhqh-84v8-3cw2: An issue was discovered in Varnish HTTP Cache 4
ghsa_unreviewed·2022-05-17
CVE-2017-12425 [HIGH] CWE-190 GHSA-jhqh-84v8-3cw2: An issue was discovered in Varnish HTTP Cache 4
OSV
CVE-2017-12425: An issue was discovered in Varnish HTTP Cache 4
osv·2017-08-04·CVSS 7.5
CVE-2017-12425 [HIGH] CVE-2017-12425: An issue was discovered in Varnish HTTP Cache 4
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [fedora-all]
bugzilla·2017-08-02·CVSS 7.5
CVE-2017-12425 [HIGH] CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issu
Bugzilla
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]
bugzilla·2017-08-02·CVSS 7.5
CVE-2017-12425 [HIGH] CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue af
Bugzilla
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
bugzilla·2017-08-01·CVSS 7.5
CVE-2017-12425 [HIGH] CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
Missing check for integer overflow was found in the code handling chunk sizes in HTTP requests. The vulnerability opens up for denial of service (DOS) attacks by a specially crafted HTTP request, which will cause the Varnish daemon to assert and restart, clearing the cache in the process. There is no risk for information leakage or remote execution. The vulnerability is present in all releases of Varnish Cache since version 4.0.1.
Discussion:
Acknowledgments:
Name: the Varnish Cache project
---
Created attachment 1307655
varnish 4.0 patch
---
Created attachment 1307656
varnish 4.1 patch
---
Created attachment 1307657
varnish 5.0 patch
---
Created attachment 1307658
varnish 5.1
References
http://www.debian.org/security/2017/dsa-3924
https://bugzilla.redhat.com/show_bug.cgi?id=1477222
https://bugzilla.suse.com/show_bug.cgi?id=1051917
https://github.com/varnishcache/varnish-cache/issues/2379
https://lists.debian.org/debian-security-announce/2017/msg00186.html
https://www.varnish-cache.org/security/VSV00001.html#vsv00001
Published: 2017-08-04