CVE-2021-36740

Name: CVE-2021-36740

Description: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

NVD Severity: medium

References

| Type | URI |
|---|---|
| MISC | https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be |
| MISC | https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf |
| MISC | https://docs.varnish-software.com/security/VSV00007/ |
| MISC | https://varnish-cache.org/security/VSV00007.html |
| Third Party Advisory | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/ |
| Third Party Advisory | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/ |
| DEBIAN | https://www.debian.org/security/2022/dsa-5088 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:* | varnish_cache | >= 5.0.0 | <= 5.2.1 |
| cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:* | varnish_cache | >= 6.0.0 | <= 6.0.5 |
| cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:lts:*:*:* | varnish_cache | >= 6.0.0 | <= 6.0.7 |
| cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:plus:*:*:* | varnish_cache | >= 6.0.0 | < 6.0.8 |
| cpe:2.3:a:varnish-cache:varnish_cache:6.0.8:r1:*:*:plus:*:*:* | varnish_cache | == None | == 6.0.8 |
| cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:* | varnish_cache | >= 6.1.0 | <= 6.6.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| varnish | 3.11-main | 6.5.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |