CVE-2017-12425 - An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5

CVE-2017-12425

Summary

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

References

Vulnerable Configurations

cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2-proper:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2-proper:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-3:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-3:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.2:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.2:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:technology_preview1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:technology_preview1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 02-08-2022 - 19:13)
Impact:
Exploitability:

CWE

CWE-190

CAPEC

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1477222 https://bugzilla.suse.com/show_bug.cgi?id=1051917 https://github.com/varnishcache/varnish-cache/issues/2379 https://lists.debian.org/debian-security-announce/2017/msg00186.html https://www.varnish-cache.org/security/VSV00001.html#vsv00001
debian	DSA-3924

Last major update

02-08-2022 - 19:13

Published

04-08-2017 - 09:29

Last modified

02-08-2022 - 19:13