How severe is CVE-2021-28543?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-28543?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2021-28543 - HIGH Severity | CVSS 7.5

Vulnerability Description

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Related Vulnerabilities

CVE-1999-0052

HIGH

CVSS:7.5(High)

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CWE-4761999

CVE-2002-0401

HIGH

CVSS:7.5(High)

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL point...

CWE-4762002

CVE-2002-1912

HIGH

CVSS:7.5(High)

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exceptio...

CWE-4762002

CVE-2003-1000

HIGH

CVSS:7.5(High)

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

CWE-4762003

CVE-2003-1013

HIGH

CVSS:7.5(High)

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

CWE-4762003

CVE-2004-0079

HIGH

CVSS:7.5(High)

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null ...

CWE-4762004