Nils Goroll

Researcher from UPLEX
#34504 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-17876
7.5
2021-03-16
Varnish · Varnish Cache · CVE-2021-28543
Name of the Vulnerable Software and Affected Versions:
Varnish varnish-modules versions prior to 0.17.1

Description:
The issue allows remote attackers to cause a denial of service (daemon restart) in some configurations, specifically when both Varnish Cache and varnish-modules are installed. This can be triggered through the varnish-modules `header.append()` and `header.copy()` functions, potentially causing a Varnish Cache restart for some Varnish Configuration Language (VCL) files. A restart reduces overall availability and performance due to an increased number of cache misses and may cause higher load on backend servers.

Recommendations:
For versions prior to 0.17.1, update to version 0.17.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `header.append()` and `header.copy()` functions in varnish-modules to minimize the risk of exploitation.