cvedb.io
CVE-2017-12425
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-08-04T09:29:00.237 · Last modified 2026-06-17T01:03:16.887

Summary

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

Affected products

varnish-cache — varnish

Does this affect you?

Add your gear to cvedb and we'll alert you only when varnish-cache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.