UBUNTU-CVE-2022-23959
- Source
- https://ubuntu.com/security/CVE-2022-23959
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23959.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-23959
- Upstream
- Related
- Published
- 2022-01-26T01:15:00Z
- Modified
- 2025-07-14T07:01:02.395991Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@3.0.5-2ubuntu0.1?arch=source&distro=esm-infra-legacy/trusty
Ubuntu:Pro:16.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@4.1.1-1ubuntu0.2+esm1?arch=source&distro=esm-apps/xenial
Ubuntu:18.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@5.2.1-1ubuntu0.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.1-1ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "libvarnishapi-dev"
},
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "libvarnishapi1"
},
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "libvarnishapi1-dbgsym"
},
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "varnish"
},
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "varnish-dbgsym"
},
{
"binary_version": "5.2.1-1ubuntu0.1",
"binary_name": "varnish-doc"
}
],
"availability": "No subscription required"
}
Ubuntu:20.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@6.2.1-2ubuntu0.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.1-2ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "libvarnishapi-dev"
},
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "libvarnishapi2"
},
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "libvarnishapi2-dbgsym"
},
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "varnish"
},
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "varnish-dbgsym"
},
{
"binary_version": "6.2.1-2ubuntu0.1",
"binary_name": "varnish-doc"
}
],
"availability": "No subscription required"
}
Ubuntu:22.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@6.6.1-1ubuntu0.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.6.1-1ubuntu0.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "libvarnishapi-dev"
},
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "libvarnishapi2"
},
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "libvarnishapi2-dbgsym"
},
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "varnish"
},
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "varnish-dbgsym"
},
{
"binary_version": "6.6.1-1ubuntu0.2",
"binary_name": "varnish-doc"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/ubuntu/varnish@7.1.1-1.1ubuntu1?arch=source&distro=noble