CVE-2023-41104

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 23, 2023
Updated: Aug 28, 2023
CWE ID 119

Summary

CVE-2023-41104 is a vulnerability in libvmod-digest versions prior to 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5. The flaw causes out-of-bounds memory access during base64 decoding, resulting in both authentication bypass and information disclosure. The attack surface depends heavily on the specific Varnish Configuration Language (VCL) configuration used in each affected environment.
