CVE-2020-11653
HIGHVarnish Cache 6.0.0-6.0.5, 6.1.0-6.2.2, 6.3.0-6.3.1 - Reachable Assertion via PROXY v2 TLS Termination
Title source: llmDescription
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
Vendor Advisory
https://varnish-cache.org/security/VSV00005.html#vsv00005
Scores
CVSS v3
7.5
EPSS
0.0126
EPSS Percentile
79.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (5)
debian/debian_linux
10.0
opensuse/backports_sle
15.0 sp1
opensuse/leap
15.1
varnish-cache/varnish_cache
6.1.0 - 6.2.3
varnish-software/varnish_cache
6.0.0 - 6.0.6
Published
Apr 08, 2020
Tracked Since
Feb 18, 2026