Package details: pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3
Next non-vulnerable version 7.1.1-2+deb12u1
Latest non-vulnerable version 7.1.1-2+deb12u1
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-b85u-4g42-nyaq
Aliases:
CVE-2024-30156
VSV00014
varnish: HTTP/2 Broken Window Attack may result in denial of service
7.1.1-2+deb12u1
Affected by 0 other vulnerabilities.
VCID-c4d1-jsqh-hban
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.1.1-2+deb12u1
Affected by 0 other vulnerabilities.
VCID-c4pk-mc4n-wyh9
Aliases:
CVE-2025-30346
VSV00015
varnish: Client-Side Desynchronization in Varnish Cache
7.1.1-1.1+deb12u1
Affected by 2 other vulnerabilities.
VCID-pb7u-beyt-fbet
Aliases:
CVE-2025-47905
content spoofing
7.1.1-1.1+deb12u1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-9494-9tdz-jkeb An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. CVE-2022-45060
VSV00011
VCID-dkhk-j3eu-53he In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959
VCID-kz93-hnzv-dyfe url request injection CVE-2021-36740
VCID-qswj-nhpw-3qgr An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. CVE-2020-11653
VCID-xdnk-3eyc-quas varnish: denial of service handling certain crafted HTTP/1 requests CVE-2019-15892
VCID-zb85-shgd-9qcq An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. CVE-2019-20637

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-05T15:08:20.348739+00:00 Debian Oval Importer Affected by VCID-pb7u-beyt-fbet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T15:06:49.467840+00:00 Debian Oval Importer Fixing VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T12:34:41.265266+00:00 Debian Oval Importer Fixing VCID-zb85-shgd-9qcq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:57:08.209944+00:00 Debian Oval Importer Fixing VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:46:03.557678+00:00 Debian Oval Importer Fixing VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:35:41.536241+00:00 Debian Oval Importer Fixing VCID-9494-9tdz-jkeb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T06:45:34.779830+00:00 Debian Oval Importer Affected by VCID-c4pk-mc4n-wyh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-04T06:26:59.073231+00:00 Debian Oval Importer Fixing VCID-qswj-nhpw-3qgr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-03T18:50:24.145049+00:00 Debian Importer Affected by VCID-b85u-4g42-nyaq https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-07-03T17:51:52.819014+00:00 Debian Importer Affected by VCID-c4d1-jsqh-hban https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-07-02T03:58:58.451645+00:00 Debian Oval Importer Affected by VCID-pb7u-beyt-fbet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T03:57:46.394818+00:00 Debian Oval Importer Fixing VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T03:02:32.837997+00:00 Debian Oval Importer Fixing VCID-zb85-shgd-9qcq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:40:32.936324+00:00 Debian Oval Importer Fixing VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:35:32.007887+00:00 Debian Oval Importer Fixing VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:30:23.904741+00:00 Debian Oval Importer Fixing VCID-9494-9tdz-jkeb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T00:26:24.739912+00:00 Debian Oval Importer Affected by VCID-c4pk-mc4n-wyh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T22:04:33.217676+00:00 Debian Oval Importer Fixing VCID-qswj-nhpw-3qgr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T16:12:16.713654+00:00 Debian Importer Affected by VCID-b85u-4g42-nyaq https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-07-01T16:00:41.823432+00:00 Debian Importer Affected by VCID-c4d1-jsqh-hban https://security-tracker.debian.org/tracker/data/json 36.1.3