FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

www/varnish7 -- Denial of Service

Affected packages
varnish7 < 7.4.3

Details

VuXML ID 05b7180b-e571-11ee-a1c0-0050569f0b83
Discovery 2019-04-19
Entry 2024-03-18

The Varnish Development Team reports:

A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of streams, retaining the associated resources.

[source]

References

CVE Name CVE-2023-43622
URL https://varnish-cache.org/security/VSV00014.html#vsv00014

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.