FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

www/varnish7 -- Denial of Service

Affected packages
varnish7 < 7.4.3


VuXML ID 05b7180b-e571-11ee-a1c0-0050569f0b83
Discovery 2019-04-19
Entry 2024-03-18

The Varnish Development Team reports:

A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of streams, retaining the associated resources.


CVE Name CVE-2023-43622