MEDIUM🇵🇱 Wersja polska

CVE-2023-41104

CVSS 6.5v3.1pub. 2023-08-23upd. 2024-11-21

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Varnish Software Varnish Enterprise

    APP
    Varnish-Software
    6.0.116.0.0 – 6.0.11 (bez)
  • Varnish Software Vmod Digest

    APP
    Varnish-Software
    < 1.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassMemory
CWE
References

Related vulnerabilities

CVE-2026-40394MEDIUM4.0ten sam produkt

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of s...

CVE-2026-40395MEDIUM4.0ten sam produkt

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared ...

CVE-2026-34475MEDIUM5.4ten sam produkt

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mi...

CVE-2025-30346MEDIUM5.4ten sam produkt

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 request...

CVE-2025-30347MEDIUM4.0ten sam produkt

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-boun...