Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.
References
Configurations
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-617 |
26 Mar 2021, 20:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-476 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | CWE-476 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-476 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-476 | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-476 | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | CWE-476 | |
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CWE | CWE-476 | |
CWE | CWE-476 | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | CWE-476 | |
CWE | CWE-476 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/ - Mailing List, Third Party Advisory | |
References | (MISC) https://varnish-cache.org/security/VSV00006.html - Vendor Advisory | |
CPE | cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
22 Mar 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CWE | ||
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References |
|
|
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
16 Mar 2021, 15:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-16 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28543
Mitre link : CVE-2021-28543
CVE.ORG link : CVE-2021-28543
JSON object : View
Products Affected
fedoraproject
- fedora
varnish-cache
- varnish-modules
- varnish-modules_klarlack