CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0
through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the
varnishd source code means that particular invalid requests from the client
can trigger an assert, related to an Integer Overflow. This causes the
varnishd worker process to abort and restart, losing the cached contents in
the process. An attacker can therefore crash the varnishd worker process on
demand and effectively keep it from serving content - a Denial-of-Service
attack. The specific source-code filename containing the incorrect
statement varies across releases.

Bugs

• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467&gt;
• <https://bugzilla.redhat.com/show_bug.cgi?id=1477222&gt;
• <https://bugzilla.suse.com/show_bug.cgi?id=1051917&gt;
• <https://bugs.launchpad.net/bugs/1708354&gt;