Back to bug 1477222
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2017-08-01 13:50:47 UTC | CC | security-response-team | |
| Adam Mariš | 2017-08-01 14:37:14 UTC | Depends On | 1476784 | |
| Adam Mariš | 2017-08-01 14:45:35 UTC | Blocks | 1477246 | |
| Dhiru Kholia | 2017-08-02 05:44:07 UTC | Doc Text | An integer overflow flaw, leading to assertion failure, was found in the way Varnish handled chunk sizes in HTTP requests. A remote attacker could use this flaw to make Varnish daemon restart unexpectedly due to an assertion failure by sending a specially crafted HTTP request. | |
| Dhiru Kholia | 2017-08-02 05:54:55 UTC | Whiteboard | impact=moderate,public=20170802,reported=20170731,source=upstream,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-190,rhscl-2/rh-varnish4-varnish=new,fedora-all/varnish=affected,epel-all/varnish=affected | impact=moderate,public=20170802,reported=20170731,source=upstream,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-190,rhscl-2/rh-varnish4-varnish=wontfix,fedora-all/varnish=affected,epel-all/varnish=affected |
| Dhiru Kholia | 2017-08-02 07:03:12 UTC | CC | dkholia | |
| Eric Christensen | 2017-08-02 13:17:04 UTC | Doc Text | An integer overflow flaw, leading to assertion failure, was found in the way Varnish handled chunk sizes in HTTP requests. A remote attacker could use this flaw to make Varnish daemon restart unexpectedly due to an assertion failure by sending a specially crafted HTTP request. | An integer overflow flaw, leading to assertion failure, was found in the way Varnish handled chunk sizes in HTTP requests. A remote attacker could use this flaw to make the Varnish daemon restart unexpectedly due to an assertion failure by sending a specially crafted HTTP request. |
| Adam Mariš | 2017-08-02 16:11:51 UTC | Group | security, qe_staff | |
| CC | ingvar | |||
| Summary | EMBARGOED varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests | varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests | ||
| Adam Mariš | 2017-08-02 16:12:27 UTC | Depends On | 1477698, 1477699 | |
| Adam Mariš | 2017-08-02 16:13:39 UTC | Fixed In Version | varnish 4.0.5, varnish 4.1.8, varnish 5.1.3 | |
| Salvatore Bonaccorso | 2017-08-02 20:30:50 UTC | CC | carnil | |
| Adam Mariš | 2017-08-04 10:14:18 UTC | Summary | varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests | CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests |
| Alias | CVE-2017-12425 | |||
| Dhiru Kholia | 2017-08-08 05:20:14 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2017-08-08 01:20:14 UTC | |||
| Product Security DevOps Team | 2019-09-29 14:18:19 UTC | Whiteboard | impact=moderate,public=20170802,reported=20170731,source=upstream,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-190,rhscl-2/rh-varnish4-varnish=wontfix,fedora-all/varnish=affected,epel-all/varnish=affected |
Back to bug 1477222