PT-2024-3059 · Varnish · Varnish Cache
Published: 2024-03-23 · Updated: 2025-11-13
CVE-2024-30156
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Varnish Cache versions prior to 7.3.2
Varnish Cache versions 7.4.x prior to 7.4.3
Varnish Cache version 6.0.13 LTS and earlier
Varnish Enterprise 6 versions prior to 6.0.12r6
Description
The issue is an uncontrolled consumption of resources that a remote attacker can exploit to conduct a denial-of-service (DoS) attack, also known as a Broke Window Attack. The attack is related to credit exhaustion for an HTTP/2 connection's flow control window.
Recommendations
For Varnish Cache versions prior to 7.3.2, update to version 7.3.2 or later.
For Varnish Cache versions 7.4.x prior to 7.4.3, update to version 7.4.3 or later.
For Varnish Cache version 6.0.13 LTS and earlier, update to version 6.0.13 LTS or later.
For Varnish Enterprise 6 versions prior to 6.0.12r6, update to version 6.0.12r6 or later.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
AlmaLinux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
Varnish Cache
Varnish Enterprise