6 matches found
CVE-2025-30346
Varnish Cache and Varnish Enterprise are affected by CVE-2025-30346: a HTTP/1 client-side desync vulnerability that can be triggered by malformed HTTP/1 requests. Affected versions are Varnish Cache prior to 7.6.2 and Varnish Enterprise prior to 6.0.13r10. The vulnerability description in connect...
CVE-2025-30347
CVE-2025-30347 affects Varnish Enterprise prior to 6.0.13r13. The issue is an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects, enabling remote attackers to obtain sensitive information. The provided sources confirm the affected product/version and the basic impact (infor...
CVE-2023-41104
Affected software: libvmod-digest (pre-1.0.3) used with Varnish Enterprise 6.0.x up to 6.0.11r5. Issue: out-of-bounds memory access during base64 decoding in libvmod-digest can cause authentication bypass and information disclosure; exact attack surface depends on the VCL configuration. Impact: a...
CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 are affected by a workspace overflow during HTTP/2 session upgrade. The vulnerability arises when the HTTP/2 upgrade path repurposes an HTTP/1 request as stream zero and allocates a buffer to reserve space for frames, which can ...
CVE-2026-34475
CVE-2026-34475 affects Varnish Cache (Open Source) ≤ 8.0.0 and Varnish Enterprise ≤ 6.0.16r11, where an unchecked req.url in HTTP/1.1 requests with a root path (/) can be passed to backends that accept absolute-form URIs, enabling cache poisoning or authentication bypass. The issue stems from how...
CVE-2026-40395
CVE-2026-40395 affects Varnish Enterprise prior to 6.0.16r12. A workspace overflow can occur in the vmod_headerplus module when header fields are excessive in a modified req0, causing a daemon panic and Denial of Service. Details in multiple sources describe the root cause as the headerplus.write...