CVE-2020-11653
Publication date 8 April 2020
Last updated 25 August 2025
Ubuntu priority
Description
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| varnish | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Fixed 6.2.1-2ubuntu0.1
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5474-1
- Varnish Cache vulnerabilities
- 8 June 2022
- USN-5474-2
- Varnish Cache regression
- 23 August 2022