CVE-2017-12425

Source
Severity High
Remote Yes
Type Denial of service
Description
A remote, non-authenticated denial of service has been found in varnish < 5.1.3. A wrong if statement in the varnishd source code can trigger an assert when processing invalid requests from the client. This causes the varnishd worker process to abort and restart, losing the cached contents in the process.
Group Package Affected Fixed Severity Status Ticket
AVG-374 varnish 5.1.2-1 5.1.3-1 High Fixed
Date Advisory Group Package Severity Description
10 Aug 2017 ASA-201708-4 AVG-374 varnish High denial of service
References
https://varnish-cache.org/security/VSV00001.html#vsv00001