Date: Mon, 18 Mar 2024 21:53:06 GMT From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a8fc15f061da - main - security/vuxml: Document www/varnish7 vuln: CVE-2023-43622 Message-ID: <202403182153.42ILr6Jl010850@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by zi: URL: https://cgit.FreeBSD.org/ports/commit/?id=a8fc15f061da4f51e658d0c5d2a2e1f72f541e6e commit a8fc15f061da4f51e658d0c5d2a2e1f72f541e6e Author: Ryan Steinmetz <zi@FreeBSD.org> AuthorDate: 2024-03-18 21:52:57 +0000 Commit: Ryan Steinmetz <zi@FreeBSD.org> CommitDate: 2024-03-18 21:52:57 +0000 security/vuxml: Document www/varnish7 vuln: CVE-2023-43622 --- security/vuxml/vuln/2024.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index ac0ecc511977..ae29b61bb038 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,33 @@ + <vuln vid="05b7180b-e571-11ee-a1c0-0050569f0b83"> + <topic>www/varnish7 -- Denial of Service</topic> + <affects> + <package> + <name>varnish7</name> + <range><lt>7.4.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Varnish Development Team reports:</p> + <blockquote cite="https://varnish-cache.org/security/VSV00014.html#vsv00014"> + <p>A denial of service attack can be performed on Varnish Cacher servers + that have the HTTP/2 protocol turned on. An attacker can let the + servers HTTP/2 connection control flow window run out of credits + indefinitely and prevent progress in the processing of streams, + retaining the associated resources.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-43622</cvename> + <url>https://varnish-cache.org/security/VSV00014.html#vsv00014</url> + </references> + <dates> + <discovery>2019-04-19</discovery> + <entry>2024-03-18</entry> + </dates> + </vuln> + <vuln vid="0a48e552-e470-11ee-99b3-589cfc0f81b0"> <topic>amavisd-new -- multipart boundary confusion</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202403182153.42ILr6Jl010850>