suse · CVE-2022-23959

Quick triage

Priority: high Published: 2022-01-28 02:38:34 UTC Updated: 2025-02-16 03:09:35 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-23959 severity important: SUSE including 13 source package names (libvarnishapi3-7.1.0-1.1, libvarnishapi3-7.1.0-bp153.2.3.1, …), 19 product×package rows across 6 product lines (SUSE Liberty Linux 8, SUSE Package Hub 15 SP3, … (6 product lines)): Fixed 19.

Description:

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

cvelogic Threat Intelligence