PT-2022-24243 · Unknown · Varnish Cache
Anthony Schwartz +1
Published: 2022-08-11
Updated: 2026-05-11
CVE-2022-38150
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Varnish Cache versions 7.0.0 through 7.0.2
Varnish Cache version 7.1.0
Description
The issue allows an attacker to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. This is achieved by using a crafted reason phrase of the backend response status line.
Recommendations
For Varnish Cache versions 7.0.0 through 7.0.2, update to version 7.0.3 to resolve the issue.
For Varnish Cache version 7.1.0, update to version 7.1.1 to resolve the issue.
Fix
Resource Exhaustion
Affected Products
Varnish Cache