Vulnerability Details CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
- https://varnish-cache.org/security/VSV00005.html#vsv00005
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
- https://varnish-cache.org/security/VSV00005.html#vsv00005
Products affected by CVE-2020-11653
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:a:varnish-cache:varnish_cache:*
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.0
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.1
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.2
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.3
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.4
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.5
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:opensuse:leap:15.1