CVE-2024-30156

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

24/03/2024

Last modified:

25/03/2024

Description

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

Impact

References to Advisories, Solutions, and Tools

https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security
https://varnish-cache.org/security/VSV00014.html