Alpine: varnish: security update to 4.1.3-r1

high Tenable Self-Hosted Container Security Plugin ID 407451

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0
through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests
from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker
process to abort and restart, losing the cached contents in the process. An attacker can therefore crash
the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service
attack. The specific source-code filename containing the incorrect statement varies across releases.
(CVE-2017-12425)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-12425

Plugin Details

Severity: High

ID: 407451

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2017-12425

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/2/2017

Reference Information

CVE: CVE-2017-12425

BID: 100293