A flaw was found in the way Varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash Varnish by sending specially crafted multiple HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, causing a denial of service.
This flaw can be mitigated by using making changes in varnish configuration by using VCL (Varnish Configuration Language). More details available at: <https://varnish-cache.org/security/VSV00003-mitigation.html#vsv00003-mitigation>