CVE-2017-12425 — Integer Overflow or Wraparound in Varnish
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 4
Latest updateMay 17
Description
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content -…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
3Bugzilla▶
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [fedora-all]↗2017-08-02
Bugzilla▶
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]↗2017-08-02
Bugzilla▶
CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests↗2017-08-01