Unrated severityNVD Advisory· Published Aug 11, 2022· Updated Oct 20, 2025
CVE-2022-38150
CVE-2022-38150
Description
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8(expand)+ 1 more
- (no CPE)
- (no CPE)range: 7.0.0, 7.0.1, 7.0.2, 7.1.0 (fixed in 7.0.3, 7.1.1)
- osv-coords6 versionspkg:bitnami/varnishpkg:deb/ubuntu/varnish@4.1.1-1ubuntu0.2+esm1?arch=source&distro=esm-apps/xenialpkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/varnish&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/vinyl-cache&distro=openSUSE%20Tumbleweedpkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP4
>= 7.0.0, < 7.0.1+ 5 more
- (no CPE)range: >= 7.0.0, < 7.0.1
- (no CPE)range: >= 0
- (no CPE)range: < 7.1.1-bp154.2.6.1
- (no CPE)range: < 7.1.1-1.1
- (no CPE)range: < 9.0.0-1.1
- (no CPE)range: < 7.1.1-bp154.2.6.1
Patches
Vulnerability mechanics
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2BUKFICLZBXESLQ3MXMIG3G52RZURFK/mitrevendor-advisory
- varnish-cache.org/security/VSV00009.htmlmitre
News mentions
0No linked articles in our index yet.