Arch Linux Security Advisory ASA-202505-13 ========================================== Severity: High Date : 2025-05-20 CVE-ID : CVE-2025-47905 Package : varnish Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-2879 Summary ======= The package varnish before version 7.7.1-1 is vulnerable to content spoofing. Resolution ========== Upgrade to 7.7.1-1. # pacman -Syu "varnish>=7.7.1-1" The problem has been fixed upstream in version 7.7.1. Workaround ========== None. Description =========== A client-side desync vulnerability can be triggered in Varnish Cache. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 chunked requests. An attacker can abuse a flaw in Varnish’s handling of chunked transfer encoding which allows certain malformed HTTP/1 requests to exploit improper framing of the message body to smuggle additional requests. Specifically, Varnish incorrectly permits CRLF to be skipped to delimit chunk boundaries. Impact ====== A remote attacker able to send specially crafted HTTP/1 chunked requests can exploit Varnish to smuggle additional requests, potentially leading to information disclosure and allowing incorrect or malicious content to be cached and served to other users. References ========== https://varnish-cache.org/releases/rel7.7.1.html https://varnish-cache.org/security/VSV00016.html https://varnish-cache.org/lists/pipermail/varnish-announce/2025-May/000767.html https://security.archlinux.org/CVE-2025-47905