CVE-2017-8807

Priority
Description
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache
4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain
sensitive information from process memory because a VFP_GetStorage buffer
is larger than intended in certain circumstances involving -sfile Stevedore
transient objects.
Ubuntu-Description
It was discovered that Varnish incorrectly handled certain inputs. A remote
attacker could possibly use this issue to obtain sensitive information.
Notes
Package
Upstream:released (5.2.1-1)
Ubuntu 18.04 LTS:not-affected (5.2.1-1)
Ubuntu 20.04 LTS:not-affected (5.2.1-1)
Ubuntu 21.10:not-affected (5.2.1-1)
Ubuntu 22.04 LTS:not-affected (5.2.1-1)
Ubuntu 14.04 ESM:not-affected (code not present)
Patches:
More Information

Updated: 2022-04-25 00:22:38 UTC (commit ecc1009cb19540b950de59270950018900f37f15)