High severity7.5NVD Advisory· Published Mar 24, 2024· Updated Apr 15, 2026
CVE-2024-30156
CVE-2024-30156
Description
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Affected products
7<6.0.12r6+ 1 more
- (no CPE)range: <6.0.12r6
- (no CPE)range: <6.0.12r6
- Range: <7.3.2, <7.4.3, <6.0.13
- osv-coords4 versionspkg:rpm/almalinux/varnishpkg:rpm/almalinux/varnish-develpkg:rpm/almalinux/varnish-docspkg:rpm/almalinux/varnish-modules
< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1+ 3 more
- (no CPE)range: < 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1
- (no CPE)range: < 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1
- (no CPE)range: < 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1
- (no CPE)range: < 0.15.0-6.module_el8.5.0+2620+03a0c2cc
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.