libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
References
Link | Resource |
---|---|
https://docs.varnish-software.com/security/VSV00012/ | Mitigation Vendor Advisory |
https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3 | Release Notes |
https://www.varnish-cache.org/security/VSV00012.html | Patch Vendor Advisory |
https://docs.varnish-software.com/security/VSV00012/ | Mitigation Vendor Advisory |
https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3 | Release Notes |
https://www.varnish-cache.org/security/VSV00012.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-23 07:15
Updated : 2024-11-21 08:20
NVD link : CVE-2023-41104
Mitre link : CVE-2023-41104
CVE.ORG link : CVE-2023-41104
JSON object : View
Products Affected
varnish-software
- varnish_enterprise
- vmod_digest
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer