varnish cache is vulnerable to denial of service. A remote attacker is able to crash the application by sending malicious HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, resulting in a denial of service condition.
lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/
access.redhat.com/errata/RHEA-2020:2262
bugzilla.redhat.com/show_bug.cgi?id=1756079
lists.fedoraproject.org/archives/list/[email protected]/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/
lists.fedoraproject.org/archives/list/[email protected]/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/
lists.fedoraproject.org/archives/list/[email protected]/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/
seclists.org/bugtraq/2019/Sep/5
varnish-cache.org/security/VSV00003.html
www.debian.org/security/2019/dsa-4514