CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

Published: Apr 9, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11653
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-617

Affected Software
References

Software	From	Fixed in
varnish-cache / varnish_cache	6.3.0	6.3.2
varnish-cache / varnish_cache	6.1.0	6.2.3
varnish-software / varnish_cache	6.0.0	6.0.6
opensuse / leap	15.1	15.1.x
opensuse / backports_sle	15.0-sp1	15.0-sp1.x
debian / debian_linux	10.0	10.0.x

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
https://varnish-cache.org/security/VSV00005.html#vsv00005

Vulnerability Database

289,598

CVE-2020-11653