Candidate: CVE-2020-11653
PublicDate: 2020-04-08 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653
 https://varnish-cache.org/security/VSV00005.html#vsv00005
 https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
Description:
 An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x
 before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a
 TLS termination proxy uses PROXY version 2. There can be an assertion
 failure and daemon restart, which causes a performance loss.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307
Priority: low
Discovered-by:
Assigned-to: ebarretto
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_varnish:
upstream_varnish: needs-triage
precise/esm_varnish: DNE
trusty_varnish: ignored (out of standard support)
trusty/esm_varnish: not-affected (code not present)
xenial_varnish: ignored (end of standard support, was needs-triage)
bionic_varnish: not-affected (code not present)
eoan_varnish: ignored (reached end-of-life)
focal_varnish: needed
groovy_varnish: not-affected (6.4.0-2)
hirsute_varnish: not-affected (6.4.0-2)
impish_varnish: not-affected (6.4.0-2)
jammy_varnish: not-affected (6.4.0-2)
devel_varnish: not-affected (6.4.0-2)