PT-2023-27789 · Varnish · Varnish Enterprise+1

Published: 2023-08-23 · Updated: 2023-08-28 · CVE-2023-41104

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

libvmod-digest versions prior to 1.0.3
Varnish Enterprise versions 6.0.x prior to 6.0.11r5

Description

The issue is caused by an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure. The exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.

Recommendations

For libvmod-digest versions prior to 1.0.3, update to version 1.0.3 or later.
For Varnish Enterprise versions 6.0.x prior to 6.0.11r5, update to version 6.0.11r5 or later.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2023-41104

Affected Products

Varnish Enterprise
Libvmod-Digest