Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-8807

UNKNOWN
Published 2017-11-16T02:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-8807. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-r6hf-gj32-7rc9

Advisory Details

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-8807
WEB https://github.com/varnishcache/varnish-cache/pull/2429
WEB https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7
WEB https://bugs.debian.org/881808
WEB https://www.debian.org/security/2017/dsa-4034
WEB http://varnish-cache.org/security/VSV00002.html
WEB http://www.securityfocus.com/bid/101886

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://bugs.debian.org/881808
http://varnish-cache.org/security/VSV00002.html
https://github.com/varnishcache/varnish-cache/pull/2429
https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7
https://www.debian.org/security/2017/dsa-4034
http://www.securityfocus.com/bid/101886
Published: 2017-11-16T02:00:00
Last Modified: 2024-08-05T16:48:21.686Z
Copied to clipboard!