FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

varnish -- Denial of Service Vulnerability

Affected packages
varnish7 < 7.1.1


VuXML ID c3610f39-18f1-11ed-9854-641c67a117d8
Discovery 2022-08-09
Entry 2022-08-10

Varnish Cache Project reports:

A denial of service attack can be performed against Varnish Cache servers by specially formatting the reason phrase of the backend response status line. In order to execute an attack, the attacker would have to be able to influence the HTTP/1 responses that the Varnish Server receives from its configured backends. A successful attack would cause the Varnish Server to assert and automatically restart.