CVE-2020-11653

2020-04-09T11:03:19
ID RH:CVE-2020-11653
Type redhatcve
Reporter redhat.com
Modified 2021-02-03T03:56:17

Description

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

Mitigation

An user can mitigate the problem by setting the proxy protocol to version 1 on the TLS Proxy side, as this flaw only affects the proxy protocol version 2.