Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allow a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
Always-Incorrect Control Flow Implementation
Vulnerability Title
Varnish Cache and Varnish Enterprise Security Vulnerability
Vulnerability Description
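Varnish Cache and Varnish Enterprise are both products of the Varnish company. Varnish Cache is a reverse web caching server. Varnish Enterprise is high-performance caching software used to handle high traffic and optimize business operations. Varnish Cache versions before 9.0.1 and Varnish Enterprise versions before 6.0.16r11 contain a security vulnerability, which arises because certain amounts of prefetched data can cause a workspace overflow denial of service.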
CVSS Information
N/A
Vulnerability Type
N/A