Published: 08/04/2020 Updated: 29/11/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in Varnish Cache prior to 6.0.6 LTS, 6.1.x and 6.2.x prior to 6.2.3, and 6.3.x prior to 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

Vulnerable Product	Search on Vulmon	Subscribe to Product
varnish-cache varnish cache
varnish-software varnish cache
opensuse leap 15.1
opensuse backports sle 15.0
debian debian linux 10.0

Synopsis Moderate: varnish:6 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...

Debian Bug report logs - #956307 varnish: CVE-2020-11653 Package: src:varnish; Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 9 Apr 2020 15:12:02 UTC Severity: important Tags: security, upstream Found ...

Several security issues were fixed in Varnish Cache ...

Varnish Cache could be made to restart if it received specially crafted input ...

CWE-617 https://varnish-cache.org/security/VSV00005.html#vsv00005 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://access.redhat.com/errata/RHSA-2020:4756 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5474-1

CVE-2020-11653

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect