Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Varnish-cache Subscribe
Filtered by product Varnish-modules Klarlack
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28543 2 Fedoraproject, Varnish-cache 3 Fedora, Varnish-modules, Varnish-modules Klarlack 2021-03-26 5.0 MEDIUM 7.5 HIGH
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.