CVE-2024-30156

Name
CVE-2024-30156
Description
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security
cve@mitre.org https://varnish-cache.org/security/VSV00014.html

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
varnish 3.18-main 7.3.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
varnish 3.17-main 7.3.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
varnish 3.19-main 7.4.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
varnish 3.20-main 7.5.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed