CVE-2020-11653

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Varnish Cache versions prior to 6.0.6 LTS Varnish Cache versions 6.1.x Varnish Cache versions 6.2.x prior to 6.2.3 Varnish Cache versions 6.3.x prior to 6.3.2

Description An issue occurs in Varnish Cache when communication with a TLS termination proxy uses PROXY version 2, leading to an assertion failure and daemon restart. This results in a performance loss.

Recommendations For versions prior to 6.0.6 LTS, update to version 6.0.6 LTS or later. For versions 6.1.x, update to version 6.2.3 or later. For versions 6.2.x prior to 6.2.3, update to version 6.2.3 or later. For versions 6.3.x prior to 6.3.2, update to version 6.3.2 or later.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CESA-2020_4756

CVE-2020-11653

DLA-3208-1

OPENSUSE-SU-2020:0808-1

OPENSUSE-SU-2020:0819-1

OPENSUSE-SU-2020_0808-1

RHSA-2020:4756

RHSA-2020_4756

RLSA-2020:4756

USN-5474-1

USN-5474-2

Affected Products

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Varnish Cache

CVE-2020-11653

Weakness Enumeration

Related Identifiers

Affected Products

References · 37