Varnish Cache Project Varnish Cache 4.0.3 Release Candidate 1

CPE Details

Varnish Cache Project Varnish Cache 4.0.3 Release Candidate 1
varnish_cache_project
varnish_cache
4.0.3
2022-08-02
14h20 +00:00
2022-08-02
17h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.3:rc1:*:*:*:*:*:*

Informations

Vendor

varnish_cache_project

Product

varnish_cache

Version

4.0.3

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-30346 2025-03-21 00h00 +00:00 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
5.4
Medium
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2017-12425 2017-08-04 07h00 +00:00 An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
7.5
High