NVD脆弱性詳細
Exploit、PoC検索
CVE-2026-40395
概要

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl(<label>)) action. This is for example how the Varnish Controller operates shared VCL deployments. If the amended req contained too many header fields for req0, this would have resulted in a workspace overflow that would in turn trigger a panic and crash the Varnish Enterprise server. This could be used as a Denial of Service attack vector by malicious clients.

公表日 2026年4月13日5:16
登録日 2026年4月15日11:37
最終更新日 2026年4月17日23:37
CVSS3.1 : HIGH
スコア 7.5
ベクター CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR) 不要
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C) なし
完全性への影響(I) なし
可用性への影響(A)
影響を受けるソフトウェアの構成
構成1 以上 以下 より上 未満
cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:* 6.0.15
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r10:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r11:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r9:*:*:*:*:*:*
関連情報、対策とツール
共通脆弱性一覧