INFSA-2025:8550: varnish security update
Information about definition
Identificator: INFSA-2025:8550
Type: security
Release date: 2025-07-15 19:33:25 UTC
Information about package
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Vulnerabilities description
- CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-47905
|
no information | 8.1 | no information |
Updated packages