Vulnerability CVE-2017-12425

Vulnerability Name:

CVE-2017-12425 (CCN-130213)

Assigned:

2017-08-01

Published:

2017-08-01

Updated:

2022-08-02

Summary:

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-12425

Source: DEBIAN
Type: UNKNOWN
DSA-3924

Source: CCN
Type: Red Hat Bugzilla Bug 1477222
(CVE-2017-12425) CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1477222

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1051917

Source: XF
Type: UNKNOWN
varnish-cve201712425-dos(130213)

Source: CONFIRM
Type: Third Party Advisory
https://github.com/varnishcache/varnish-cache/issues/2379

Source: CONFIRM
Type: Mailing List, Third Party Advisory
https://lists.debian.org/debian-security-announce/2017/msg00186.html

Source: CCN
Type: Varnish HTTP Cache Security Advisory
VSV00001 DoS vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://www.varnish-cache.org/security/VSV00001.html#vsv00001

Vulnerable Configuration:

Configuration 1:

cpe:/a:varnish-cache:varnish:4.0.3:rc-1:*:*:*:*:*:*

OR cpe:/a:varnish-cache:varnish:4.0.3:rc-2-proper:*:*:*:*:*:*

OR cpe:/a:varnish-cache:varnish:4.0.3:rc-3:*:*:*:*:*:*

OR cpe:/a:varnish-cache:varnish:4.0.2:rc-1:*:*:*:*:*:*

OR cpe:/a:varnish-cache:varnish:4.0.3:rc-2:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:4.0.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:varnish-cache:varnish:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.0:technology_preview1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.2:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.1:beta2:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.4:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.0:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.3:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.5:beta2:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.6:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.4:beta2:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.5:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.2:beta2:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.3:beta2:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.1:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.4:beta3:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.5:beta1:*:*:*:*:*:*

OR cpe:/a:varnish-software:varnish_cache:4.1.7:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:varnish_cache_project:varnish_cache:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:varnish_cache_project:varnish_cache:5.1.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.trusty:def:201712425000	V	CVE-2017-12425 on Ubuntu 14.04 LTS (trusty) - medium.	2017-08-04
oval:com.ubuntu.xenial:def:201712425000	V	CVE-2017-12425 on Ubuntu 16.04 LTS (xenial) - medium.	2017-08-04
oval:com.ubuntu.xenial:def:2017124250000000	V	CVE-2017-12425 on Ubuntu 16.04 LTS (xenial) - medium.	2017-08-04

BACK