Reachable Assertion Affecting varnish-devel package, versions <0:6.0.6-2.module+el8.3.0+7653+45014445
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE8-VARNISHDEVEL-2571969
- published 10 Apr 2022
- disclosed 8 Apr 2020
Introduced: 8 Apr 2020
CVE-2020-11653 Open this link in a new tabHow to fix?
Upgrade Oracle:8 varnish-devel to version 0:6.0.6-2.module+el8.3.0+7653+45014445 or higher.
This issue was patched in ELSA-2020-4756.
NVD Description
Note: Versions mentioned in the description apply only to the upstream varnish-devel package and not the varnish-devel package as distributed by Oracle.
See How to fix? for Oracle:8 relevant fixed versions and status.
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
References
- https://linux.oracle.com/cve/CVE-2020-11653.html
- https://linux.oracle.com/errata/ELSA-2020-4756.html
- https://varnish-cache.org/security/VSV00005.html#vsv00005
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html