FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

www/varnish7 -- client-side desync vulnerability

Affected packages
varnish7 < 7.6.2

Details

VuXML ID 26f6733d-06a9-11f0-ba0b-641c67a117d8
Discovery 2024-12-17
Entry 2025-03-22

The Varnish Development Team reports:

A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests.

[source]

References

CVE Name CVE-2025-30346
URL https://varnish-cache.org/security/VSV00015.html#vsv00015

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.