libvmod-digest prior to 1.0.3, as used in Varnish Enterprise 6.0.x prior to 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
varnish-software vmod digest |
||
varnish-software varnish enterprise 6.0.11 |
||
varnish-software varnish enterprise |