CVE-2024-30156

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-30156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30156.json
Related
Published
2024-03-24T01:15:45Z
Modified
2024-05-22T17:22:11.187642Z
Summary
[none]
Details

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

References

Affected packages

Alpine:v3.17 / varnish

Package

Name
varnish

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.3.2-r0

Affected versions

2.*

2.1.5-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.2-r0
3.0.2-r1
3.0.2-r2
3.0.2-r3
3.0.2-r4
3.0.2-r5
3.0.2-r6
3.0.2-r7
3.0.3-r0
3.0.3-r1
3.0.3-r2
3.0.4-r0
3.0.4-r1
3.0.4-r2
3.0.4-r3
3.0.4-r4
3.0.5-r0
3.0.5-r1

4.*

4.0.0-r0
4.0.0-r1
4.0.0-r2
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.2-r2
4.0.3-r0
4.0.3-r1
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.1.1-r0
4.1.2-r0
4.1.2-r1
4.1.2-r2
4.1.2-r3
4.1.3-r0

5.*

5.1.2-r0
5.1.2-r1
5.1.3-r0
5.2.0-r0
5.2.1-r0

6.*

6.0.0-r0
6.0.0-r1
6.0.1-r0
6.1.0-r0
6.1.1-r0
6.2.0-r0
6.2.0-r1
6.2.1-r0
6.3.0-r0
6.3.1-r0
6.3.1-r1
6.3.2-r0
6.4.0-r0
6.5.1-r0
6.6.0-r0
6.6.1-r0
6.6.1-r1

7.*

7.0.0-r0
7.0.1-r0
7.0.1-r1
7.0.2-r1
7.1.0-r1
7.1.1-r1
7.2.0-r1
7.2.1-r1

Alpine:v3.18 / varnish

Package

Name
varnish

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.3.2-r0

Affected versions

2.*

2.1.5-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.2-r0
3.0.2-r1
3.0.2-r2
3.0.2-r3
3.0.2-r4
3.0.2-r5
3.0.2-r6
3.0.2-r7
3.0.3-r0
3.0.3-r1
3.0.3-r2
3.0.4-r0
3.0.4-r1
3.0.4-r2
3.0.4-r3
3.0.4-r4
3.0.5-r0
3.0.5-r1

4.*

4.0.0-r0
4.0.0-r1
4.0.0-r2
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.2-r2
4.0.3-r0
4.0.3-r1
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.1.1-r0
4.1.2-r0
4.1.2-r1
4.1.2-r2
4.1.2-r3
4.1.3-r0

5.*

5.1.2-r0
5.1.2-r1
5.1.3-r0
5.2.0-r0
5.2.1-r0

6.*

6.0.0-r0
6.0.0-r1
6.0.1-r0
6.1.0-r0
6.1.1-r0
6.2.0-r0
6.2.0-r1
6.2.1-r0
6.3.0-r0
6.3.1-r0
6.3.1-r1
6.3.2-r0
6.4.0-r0
6.5.1-r0
6.6.0-r0
6.6.1-r0
6.6.1-r1

7.*

7.0.0-r0
7.0.1-r0
7.0.1-r1
7.0.2-r0
7.1.0-r0
7.1.1-r0
7.2.0-r0
7.2.1-r0
7.3.0-r0
7.3.0-r1
7.3.1-r1

Alpine:v3.19 / varnish

Package

Name
varnish

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.4.3-r0

Affected versions

2.*

2.1.5-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.2-r0
3.0.2-r1
3.0.2-r2
3.0.2-r3
3.0.2-r4
3.0.2-r5
3.0.2-r6
3.0.2-r7
3.0.3-r0
3.0.3-r1
3.0.3-r2
3.0.4-r0
3.0.4-r1
3.0.4-r2
3.0.4-r3
3.0.4-r4
3.0.5-r0
3.0.5-r1

4.*

4.0.0-r0
4.0.0-r1
4.0.0-r2
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.2-r2
4.0.3-r0
4.0.3-r1
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.1.1-r0
4.1.2-r0
4.1.2-r1
4.1.2-r2
4.1.2-r3
4.1.3-r0

5.*

5.1.2-r0
5.1.2-r1
5.1.3-r0
5.2.0-r0
5.2.1-r0

6.*

6.0.0-r0
6.0.0-r1
6.0.1-r0
6.1.0-r0
6.1.1-r0
6.2.0-r0
6.2.0-r1
6.2.1-r0
6.3.0-r0
6.3.1-r0
6.3.1-r1
6.3.2-r0
6.4.0-r0
6.5.1-r0
6.6.0-r0
6.6.1-r0
6.6.1-r1

7.*

7.0.0-r0
7.0.1-r0
7.0.1-r1
7.0.2-r0
7.1.0-r0
7.1.1-r0
7.2.0-r0
7.2.1-r0
7.3.0-r0
7.3.0-r1
7.4.0-r1
7.4.1-r1
7.4.2-r1

Alpine:v3.20 / varnish

Package

Name
varnish

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.5.0-r0

Affected versions

2.*

2.1.5-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.2-r0
3.0.2-r1
3.0.2-r2
3.0.2-r3
3.0.2-r4
3.0.2-r5
3.0.2-r6
3.0.2-r7
3.0.3-r0
3.0.3-r1
3.0.3-r2
3.0.4-r0
3.0.4-r1
3.0.4-r2
3.0.4-r3
3.0.4-r4
3.0.5-r0
3.0.5-r1

4.*

4.0.0-r0
4.0.0-r1
4.0.0-r2
4.0.1-r0
4.0.2-r0
4.0.2-r1
4.0.2-r2
4.0.3-r0
4.0.3-r1
4.1.0-r0
4.1.0-r1
4.1.0-r2
4.1.1-r0
4.1.2-r0
4.1.2-r1
4.1.2-r2
4.1.2-r3
4.1.3-r0

5.*

5.1.2-r0
5.1.2-r1
5.1.3-r0
5.2.0-r0
5.2.1-r0

6.*

6.0.0-r0
6.0.0-r1
6.0.1-r0
6.1.0-r0
6.1.1-r0
6.2.0-r0
6.2.0-r1
6.2.1-r0
6.3.0-r0
6.3.1-r0
6.3.1-r1
6.3.2-r0
6.4.0-r0
6.5.1-r0
6.6.0-r0
6.6.1-r0
6.6.1-r1

7.*

7.0.0-r0
7.0.1-r0
7.0.1-r1
7.0.2-r0
7.1.0-r0
7.1.1-r0
7.2.0-r0
7.2.1-r0
7.3.0-r0
7.3.0-r1
7.4.0-r1
7.4.1-r1
7.4.2-r1