Upstream information
Description
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
SUSE Bugzilla entry: 1221942 [NEW] No SUSE Security Announcements cross referenced.List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Liberty Linux 8 |
| Patchnames: RHSA-2024:1690 |
SUSE Liberty Linux 9 |
| Patchnames: RHSA-2024:1691 |
SUSE Timeline for this CVE
CVE page created: Sun Mar 24 03:00:03 2024CVE page last modified: Sat Jul 13 00:53:37 2024