CVE-2023-41104
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 23, 2023
Updated: Aug 28, 2023
CWE ID 119
Summary
CVE-2023-41104 is a vulnerability affecting libvmod-digest versions prior to 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5. The flaw causes out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure. The exact attack surface depends on the specific Varnish Configuration Language (VCL) configuration used in each affected environment.
Affected Vendors
- Varnish Software