Vulnerabilities (CVE)

Filtered by vendor Varnish-cache Subscribe
Filtered by product Varnish-modules
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28543 2 Fedoraproject, Varnish-cache 3 Fedora, Varnish-modules, Varnish-modules Klarlack 2024-11-21 5.0 MEDIUM 4.0 MEDIUM
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.