Your submission was sent successfully! Close

CVE-2019-20637

Published: 8 April 2020

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
varnish
Launchpad, Ubuntu, Debian
bionic
Released (5.2.1-1ubuntu0.1)
eoan Ignored
(reached end-of-life)
focal
Released (6.2.1-2ubuntu0.1)
groovy Not vulnerable
(6.4.0-2)
hirsute Not vulnerable
(6.4.0-2)
impish Not vulnerable
(6.4.0-2)
jammy Not vulnerable
(6.4.0-2)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)