PT-2023-27789 · Varnish · Varnish Enterprise+1

Published: 2023-08-23 · Updated: 2023-08-28 · CVE-2023-41104

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

libvmod-digest versions prior to 1.0.3
Varnish Enterprise versions 6.0.x prior to 6.0.11r5

Description

The issue is caused by an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure. The exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.

Recommendations

For libvmod-digest versions prior to 1.0.3, update to version 1.0.3 or later.
For Varnish Enterprise versions 6.0.x prior to 6.0.11r5, update to version 6.0.11r5 or later.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2023-41104

Affected Products

Varnish Enterprise
Libvmod-Digest