CVE-2023-41104

{"id": "CVE-2023-41104", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2023-08-23T07:15:08.417", "references": [{"url": "https://docs.varnish-software.com/security/VSV00012/", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.varnish-cache.org/security/VSV00012.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use."}], "lastModified": "2023-08-28T21:41:07.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E51F4EF4-1AFE-4395-904D-FDDE83B19CFB", "versionEndExcluding": "6.0.11", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48190A61-CD4F-4C9D-8C82-13A14470BA58"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "943E3FE8-EA6D-4500-8014-697A9A0CEF91"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2CBF396-441D-44F2-BAFF-D3B2A981FBCD"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "136343D5-80C1-4F83-8471-2C26F9FD492A"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34B5F57-B86F-41CB-A3D8-9084960D3E45"}, {"criteria": "cpe:2.3:a:varnish-software:vmod_digest:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "739EF024-4944-4B7B-8872-843CECF9F928", "versionEndExcluding": "1.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}