FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

varnish -- information disclosure vulnerability

Affected packages
varnish4 < 4.1.9
varnish5 < 5.2.1

Details

VuXML ID 17133e7e-d764-11e7-b5af-a4badb2f4699
Discovery 2017-11-15
Entry 2017-12-02

Varnish reports:

A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc(3) memory allocation.

References

CVE Name CVE-2017-8807
URL https://varnish-cache.org/security/VSV00002.html