6.5
CVE-2023-41104
- EPSS 0.18%
- Veröffentlicht 23.08.2023 07:15:08
- Zuletzt bearbeitet 21.11.2024 08:20:35
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Varnish-software ≫ Varnish Enterprise Version >= 6.0.0 < 6.0.11
Varnish-software ≫ Varnish Enterprise Version6.0.11 Update-
Varnish-software ≫ Varnish Enterprise Version6.0.11 Updater1
Varnish-software ≫ Varnish Enterprise Version6.0.11 Updater2
Varnish-software ≫ Varnish Enterprise Version6.0.11 Updater3
Varnish-software ≫ Varnish Enterprise Version6.0.11 Updater4
Varnish-software ≫ Vmod Digest Version < 1.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.