CVE-2022-38150 — Vulnetix

CVE-2022-38150 PUBLISHED

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

EPSS 0.94% · 76.6th percentile

Risk Scores

EPSS Score

0.94%

76.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	varnish	7.0.2, 7.0.0, 7.0.1
Bitnami	varnish	7.0.0, 7.1.0, 7.0.2

Timeline

Aug 11, 2022 CVE Published
Aug 11, 2022 EPSS Score
Sep 26, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 11, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 29, 2023 EPSS Score
May 14, 2023 EPSS Score
Jun 29, 2023 EPSS Score
Aug 15, 2023 EPSS Score
Sep 30, 2023 EPSS Score

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2BUKFICLZBXESLQ3MXMIG3G52RZURFK/ url
https://varnish-cache.org/security/VSV00009.html url
https://nvd.nist.gov/vuln/detail/CVE-2022-38150 url

Open in Interactive Console →