vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
varnish | ge | 4.1.0 | |
varnish | lt | 4.1.9 | |
varnish_cache | ge | 5.0.0 | |
varnish_cache | lt | 5.2.1 |