CVE-2017-8807

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2017-11-15 18:29

Updated : 2022-08-02 09:29


NVD link : CVE-2017-8807

Mitre link : CVE-2017-8807


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

varnish-cache

  • varnish

debian

  • debian_linux

varnish_cache_project

  • varnish_cache