CVE-2021-28543

Published: Mar 16, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

4.0

MEDIUM

Description

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:H/AV:N/A:L/C:N/I:N/PR:N/S:C/UI:N

Attack Complexity

High

Attack Vector

Network

Availability

Low

Confidentiality

None

Integrity

None

Privileges Required

None

Scope

Changed

User Interaction

None

References

https://varnish-cache.org/security/VSV00006.html

x_refsource_MISC

FEDORA-2021-2ad352ec70

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-28543

Description

Affected Products

CVSS v3.1 Details

References