CVE-2024-30156 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-30156 Interim 1 7 2025-05-30T23:15:18Z current 2024-03-27T00:09:14Z 2025-05-30T23:15:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-30156 Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 SUSE Package Hub 15 SP6 openSUSE Leap 15.6 libvarnishapi3-7.7.1-bp156.2.3.1 varnish-6.0.13-1.module+el8.9.0+21617+7578fa11 varnish-6.6.2-4.el9_3.1 varnish-7.7.1-bp156.2.3.1 varnish-devel-6.0.13-1.module+el8.9.0+21617+7578fa11 varnish-devel-6.6.2-4.el9_3.1 varnish-devel-7.7.1-bp156.2.3.1 varnish-docs-6.0.13-1.module+el8.9.0+21617+7578fa11 varnish-docs-6.6.2-4.el9_3.1 varnish-modules-0.15.0-6.module+el8.9.0+21617+7578fa11 varnish-6.0.13-1.module+el8.9.0+21617+7578fa11 as a component of SUSE Liberty Linux 8 varnish-devel-6.0.13-1.module+el8.9.0+21617+7578fa11 as a component of SUSE Liberty Linux 8 varnish-docs-6.0.13-1.module+el8.9.0+21617+7578fa11 as a component of SUSE Liberty Linux 8 varnish-modules-0.15.0-6.module+el8.9.0+21617+7578fa11 as a component of SUSE Liberty Linux 8 varnish-6.6.2-4.el9_3.1 as a component of SUSE Liberty Linux 9 varnish-devel-6.6.2-4.el9_3.1 as a component of SUSE Liberty Linux 9 varnish-docs-6.6.2-4.el9_3.1 as a component of SUSE Liberty Linux 9 libvarnishapi3-7.7.1-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 varnish-7.7.1-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 varnish-devel-7.7.1-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 libvarnishapi3-7.7.1-bp156.2.3.1 as a component of openSUSE Leap 15.6 varnish-7.7.1-bp156.2.3.1 as a component of openSUSE Leap 15.6 varnish-devel-7.7.1-bp156.2.3.1 as a component of openSUSE Leap 15.6 Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. CVE-2024-30156 SUSE Liberty Linux 8:varnish-6.0.13-1.module+el8.9.0+21617+7578fa11 SUSE Liberty Linux 8:varnish-devel-6.0.13-1.module+el8.9.0+21617+7578fa11 SUSE Liberty Linux 8:varnish-docs-6.0.13-1.module+el8.9.0+21617+7578fa11 SUSE Liberty Linux 8:varnish-modules-0.15.0-6.module+el8.9.0+21617+7578fa11 SUSE Liberty Linux 9:varnish-6.6.2-4.el9_3.1 SUSE Liberty Linux 9:varnish-devel-6.6.2-4.el9_3.1 SUSE Liberty Linux 9:varnish-docs-6.6.2-4.el9_3.1 SUSE Package Hub 15 SP6:libvarnishapi3-7.7.1-bp156.2.3.1 SUSE Package Hub 15 SP6:varnish-7.7.1-bp156.2.3.1 SUSE Package Hub 15 SP6:varnish-devel-7.7.1-bp156.2.3.1 openSUSE Leap 15.6:libvarnishapi3-7.7.1-bp156.2.3.1 openSUSE Leap 15.6:varnish-7.7.1-bp156.2.3.1 openSUSE Leap 15.6:varnish-devel-7.7.1-bp156.2.3.1 important