[manjaro-security] [ASA-202505-13] varnish: content spoofing
Andrea Denisse
denisse at archlinux.org
Wed May 28 01:37:33 CEST 2025
Arch Linux Security Advisory ASA-202505-13
==========================================
Severity: High
Date : 2025-05-20
CVE-ID : CVE-2025-47905
Package : varnish
Type : content spoofing
Remote : Yes
Link : https://security.archlinux.org/AVG-2879
Summary
=======
The package varnish before version 7.7.1-1 is vulnerable to content
spoofing.
Resolution
==========
Upgrade to 7.7.1-1.
# pacman -Syu "varnish>=7.7.1-1"
The problem has been fixed upstream in version 7.7.1.
Workaround
==========
None.
Description
===========
A client-side desync vulnerability can be triggered in Varnish Cache.
This vulnerability can be triggered under specific circumstances
involving malformed HTTP/1 chunked requests.
An attacker can abuse a flaw in Varnish’s handling of chunked transfer
encoding which allows certain malformed HTTP/1 requests to exploit
improper framing of the message body to smuggle additional requests.
Specifically, Varnish incorrectly permits CRLF to be skipped to delimit
chunk boundaries.
Impact
======
A remote attacker able to send specially crafted HTTP/1 chunked
requests can exploit Varnish to smuggle additional requests,
potentially leading to information disclosure and allowing incorrect or
malicious content to be cached and served to other users.
References
==========
https://varnish-cache.org/releases/rel7.7.1.html
https://varnish-cache.org/security/VSV00016.html
https://varnish-cache.org/lists/pipermail/varnish-announce/2025-May/000767.html
https://security.archlinux.org/CVE-2025-47905
More information about the manjaro-security
mailing list