CVE-2021-28543

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/
https://varnish-cache.org/security/VSV00006.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:varnish-cache:varnish-modules::::::::
	cpe:2.3:a:varnish-cache:varnish-modules_klarlack::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-03-16 15:15

Updated : 2024-02-04 21:23

NVD link : CVE-2021-28543

Mitre link : CVE-2021-28543

CVE.ORG link : CVE-2021-28543

JSON object : View

Products Affected

varnish-cache

varnish-modules_klarlack
varnish-modules

fedoraproject

fedora

CWE

CWE-476

NULL Pointer Dereference

CWE-617

Reachable Assertion

{"id": "CVE-2021-28543", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2021-03-16T15:15:13.843", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPFBRQUJNWHCB3GQHSSAPRLQU6Q6PY43/", "source": "cve@mitre.org"}, {"url": "https://varnish-cache.org/security/VSV00006.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers."}, {"lang": "es", "value": "Varnish varnish-modules versiones anteriores a 0.17.1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del demonio) en algunas configuraciones. Esto no afecta a organizaciones que solo instalan el producto Varnish Cache; sin embargo, es com\u00fan instalar tanto Varnish Cache como varnish-modules. Espec\u00edficamente, un error de aserci\u00f3n o desreferencia del puntero NULL se puede activar en Varnish Cache por medio de las funciones header.append() y header.copy() de varnish-modules. Para algunos archivos de Varnish Configuration Language (VCL), esto brinda a clientes remotos la oportunidad de causar un reinicio de Varnish Cache. Un reinicio reduce la disponibilidad y el rendimiento general debido a un mayor n\u00famero de p\u00e9rdidas de cach\u00e9 y puede causar una mayor carga en los servidores de backend"}], "lastModified": "2023-11-07T03:32:09.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:varnish-cache:varnish-modules:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF31F4C-6C1C-4774-9D64-C288CB059C15", "versionEndExcluding": "0.17.1"}, {"criteria": "cpe:2.3:a:varnish-cache:varnish-modules_klarlack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E98D45B-7CBC-432F-B40E-DC9C67B07667", "versionEndExcluding": "0.17.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}