CVE-2017-8807 - OpenCVE

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Varnish-cache	Varnish
Debian	Debian Linux
Varnish Cache Project	Varnish Cache

Configuration 1 [-]

OR	cpe:2.3:a:varnish-cache:varnish::::::::
	cpe:2.3:a:varnish_cache_project:varnish_cache::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
http://varnish-cache.org/security/VSV00002.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/101886	Third Party Advisory VDB Entry
https://bugs.debian.org/881808	Issue Tracking Third Party Advisory
https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7	Patch Vendor Advisory
https://github.com/varnishcache/varnish-cache/pull/2429	Issue Tracking Vendor Advisory
https://www.debian.org/security/2017/dsa-4034	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2017-11-16T02:00:00

Updated: 2017-11-21T10:57:01

Reserved: 2017-05-07T00:00:00

Link: CVE-2017-8807

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-16T02:29:05.660

Modified: 2022-08-02T16:29:08.070

Link: CVE-2017-8807

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1", "vendor": "n/a", "versions": [{"status": "affected", "version": "Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects."}], "problemTypes": [{"descriptions": [{"description": "memory disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-21T10:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/881808"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://varnish-cache.org/security/VSV00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/varnishcache/varnish-cache/pull/2429"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7"}, {"name": "DSA-4034", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4034"}, {"name": "101886", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101886"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2017-8807", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1", "version": {"version_data": [{"version_value": "Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "memory disclosure"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/881808", "refsource": "CONFIRM", "url": "https://bugs.debian.org/881808"}, {"name": "http://varnish-cache.org/security/VSV00002.html", "refsource": "CONFIRM", "url": "http://varnish-cache.org/security/VSV00002.html"}, {"name": "https://github.com/varnishcache/varnish-cache/pull/2429", "refsource": "CONFIRM", "url": "https://github.com/varnishcache/varnish-cache/pull/2429"}, {"name": "https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7", "refsource": "CONFIRM", "url": "https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7"}, {"name": "DSA-4034", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4034"}, {"name": "101886", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101886"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-8807", "datePublished": "2017-11-16T02:00:00", "dateReserved": "2017-05-07T00:00:00", "dateUpdated": "2017-11-21T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*", "matchCriteriaId": "0870F626-489C-4652-9D6E-6914226A1ED4", "versionEndExcluding": "4.1.9", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E9ADE7F-7963-4A1A-9C57-1880888D23EB", "versionEndExcluding": "5.2.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects."}, {"lang": "es", "value": "vbf_stp_error en bin/varnishd/cache/cache_fetch.c en Varnish HTTP Cache en versiones 4.1.x anteriores a la 4.1.9 y las versiones 5.x anteriores a la 5.2.1 permite que atacantes remotos obtengan informaci\u00f3n sensible de la memoria de procesos debido a que un b\u00fafer VFP_GetStorage es m\u00e1s grande de lo planeado en ciertas circunstancias relacionadas con objetos transitorios -sfile Stevedore."}], "id": "CVE-2017-8807", "lastModified": "2022-08-02T16:29:08.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T02:29:05.660", "references": [{"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://varnish-cache.org/security/VSV00002.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101886"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/881808"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/varnishcache/varnish-cache/pull/2429"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4034"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}