Description
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
Remediation
References
Related Vulnerabilities
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9514)
Oracle JRE CVE-2019-2983 Vulnerability (CVE-2019-2983)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4300)
WordPress Plugin Simple Banner Cross-Site Scripting (2.11.0)