Varnish · Varnish Cache · CVE-2019-15892
**Name of the Vulnerable Software and Affected Versions**
Varnish Cache versions prior to 6.0.4 LTS
Varnish Cache versions 6.1.x through 6.2.0
**Description**
An issue in Varnish Cache allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert causes an automatic restart with a clean cache, resulting in a denial of service. The issue is due to insufficient input validation in the HTTP/1 parser.
**Recommendations**
For Varnish Cache versions prior to 6.0.4 LTS, update to version 6.0.4 LTS or later.
For Varnish Cache versions 6.1.x through 6.2.0, update to version 6.2.1 or later.
As a temporary workaround, consider restricting access to the HTTP/1 parser to minimize the risk of exploitation.
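
To apply the version ranges above across a fleet, the following added example (not part of the original advisory or of the Varnish project) classifies version strings collected from each host. It assumes the banner printed by `varnishd -V` has the shape `varnishd (varnish-X.Y.Z revision ...)`; the hostnames, revision strings and function names are constructed for illustration.

```python
import re

# Ranges exactly as listed in the advisory for CVE-2019-15892.
FIXED_LTS = (6, 0, 4)        # anything below this -> update to 6.0.4 LTS or later
RANGE_START = (6, 1, 0)      # 6.1.x ...
RANGE_END = (6, 2, 0)        # ... through 6.2.0 -> update to 6.2.1 or later

# Assumed banner shape: "varnishd (varnish-6.0.3 revision <hash>)"
BANNER_RE = re.compile(r"\bvarnish-(\d+)\.(\d+)\.(\d+)(?![\w.])")
BARE_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)\s*")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a plain x.y.z."""
    m = BANNER_RE.search(text) or BARE_RE.fullmatch(text)
    return tuple(int(part) for part in m.groups()) if m else None


def assess(text):
    """Classify one version string as (status, minimum fixed release or None)."""
    version = parse_version(text)
    if version is None:
        # Vendor builds or suffixed versions: do not guess, flag for manual review.
        return ("unknown", None)
    if version < FIXED_LTS:
        return ("affected", "6.0.4 LTS")
    if RANGE_START <= version <= RANGE_END:
        return ("affected", "6.2.1")
    return ("not listed", None)


def triage(inventory):
    """Map host -> assessment for a {host: banner} inventory."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and revision strings are placeholders).
SAMPLE = {
    "cache-a": "varnishd (varnish-6.0.3 revision 0000000)",
    "cache-b": "varnishd (varnish-6.0.4 revision 0000000)",
    "cache-c": "varnishd (varnish-6.2.0 revision 0000000)",
    "cache-d": "6.2.1",
    "cache-e": "varnishd (varnish-plus-6.0.3r9 revision 0000000)",
}

if __name__ == "__main__":
    for host, (status, fix) in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}" + (f", update to {fix} or later" if fix else ""))
```

Hosts reported as `unknown` carry a version string the parser does not recognise and need to be checked by hand against the vendor's own advisory.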