CVE-2019-20637 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-20637 Interim 1 17 2025-02-17T01:46:53Z current 2021-05-30T14:34:19Z 2025-02-17T01:46:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-20637 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PCUUXZW2DUUNCOBXQJNOGTFZJED26EJM/ E-Mail link for openSUSE-SU-2020:0808-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SC6JBGFRDO2KYXWHDNCH6CJL6N7QISZW/ E-Mail link for openSUSE-SU-2020:0819-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Package Hub 15 SP1 openSUSE Leap 15.1 libvarnishapi2-6.2.1-bp151.4.6.1 libvarnishapi2-6.2.1-lp151.3.6.1 varnish-6.0.6-2.module+el8.3.0+6843+b3b42fcc varnish-6.2.1-bp151.4.6.1 varnish-6.2.1-lp151.3.6.1 varnish-devel-6.0.6-2.module+el8.3.0+6843+b3b42fcc varnish-devel-6.2.1-bp151.4.6.1 varnish-devel-6.2.1-lp151.3.6.1 varnish-docs-6.0.6-2.module+el8.3.0+6843+b3b42fcc varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc varnish-6.0.6-2.module+el8.3.0+6843+b3b42fcc as a component of SUSE Liberty Linux 8 varnish-devel-6.0.6-2.module+el8.3.0+6843+b3b42fcc as a component of SUSE Liberty Linux 8 varnish-docs-6.0.6-2.module+el8.3.0+6843+b3b42fcc as a component of SUSE Liberty Linux 8 varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc as a component of SUSE Liberty Linux 8 libvarnishapi2-6.2.1-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 varnish-6.2.1-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 varnish-devel-6.2.1-bp151.4.6.1 as a component of SUSE Package Hub 15 SP1 libvarnishapi2-6.2.1-lp151.3.6.1 as a component of openSUSE Leap 15.1 varnish-6.2.1-lp151.3.6.1 as a component of openSUSE Leap 15.1 varnish-devel-6.2.1-lp151.3.6.1 as a component of openSUSE Leap 15.1 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. CVE-2019-20637 SUSE Liberty Linux 8:varnish-6.0.6-2.module+el8.3.0+6843+b3b42fcc SUSE Liberty Linux 8:varnish-devel-6.0.6-2.module+el8.3.0+6843+b3b42fcc SUSE Liberty Linux 8:varnish-docs-6.0.6-2.module+el8.3.0+6843+b3b42fcc SUSE Liberty Linux 8:varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc SUSE Package Hub 15 SP1:libvarnishapi2-6.2.1-bp151.4.6.1 SUSE Package Hub 15 SP1:varnish-6.2.1-bp151.4.6.1 SUSE Package Hub 15 SP1:varnish-devel-6.2.1-bp151.4.6.1 openSUSE Leap 15.1:libvarnishapi2-6.2.1-lp151.3.6.1 openSUSE Leap 15.1:varnish-6.2.1-lp151.3.6.1 openSUSE Leap 15.1:varnish-devel-6.2.1-lp151.3.6.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N