Main Vulnerability Database SB20170807103

SB20170807103 - Integer overflow in varnish (Alpine package)

Published: August 7, 2017

Security Bulletin ID SB20170807103

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2017-12425)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to integer overflow when processing HTTP requests. A remote attacker can send a specially crafted HTTP request, trigger integer overflow and restart the caching server.

Successful exploitation of this vulnerability may allow an attacker to perform denial if service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=67b7be458895eb0d8faab3d9b232ec040e11ef26
https://git.alpinelinux.org/aports/commit/?id=2fa274fe2c593821cb7d12715f6cd77210ee6348
https://git.alpinelinux.org/aports/commit/?id=6de195054a46f2c336e6928317843c55e74fc1f0
https://git.alpinelinux.org/aports/commit/?id=784f03748a63ed8dec1d2de19bde5e67779d674b
https://git.alpinelinux.org/aports/commit/?id=7bd56d3d21028471bc6916a522fb6d369cafb692
https://git.alpinelinux.org/aports/commit/?id=197458f95715a3d3cc12e0d91dbc9204d0363e30
https://git.alpinelinux.org/aports/commit/?id=8b9aa79be80b56a3212696b17aee6af7d8b0c697
https://git.alpinelinux.org/aports/commit/?id=93e7d3d075f512a131d626b06cc1b632720e9076
https://git.alpinelinux.org/aports/commit/?id=9adf50a5484a229990c7270fdaf95aae93386760
https://git.alpinelinux.org/aports/commit/?id=bd81d30ba09a68c75d606d4535b4dae565e701d7