← back
CVE-2023-41104

CVE-2023-41104

EPSS 0.5%
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.varnish-software.com/security/VSV00012/https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3https://www.varnish-cache.org/security/VSV00012.html