Description
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-2617 Vulnerability (CVE-2015-2617)
Drupal Core 7.x Multiple Cross-Site Scripting Vulnerabilities (7.0 - 7.85)
WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.22)
WordPress Plugin Live Chat Unlimited Cross-Site Scripting (2.8.3)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-4978)