FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

www/varnish-libvmod-digest -- base64 decoding vulnerability

Affected packages
varnish-libvmod-digest < 1.0.3

Details

VuXML ID 64bec4c7-d785-11f0-a1c0-0050569f0b83
Discovery 2023-08-17
Entry 2025-12-12

varnish developers report:

Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker (for example the result of the decoding is added to a response header), then there is the potential for information disclosure from reading out of band workspace data.

[source]

References

CVE Name CVE-2023-41104
URL https://vinyl-cache.org/security/VSV00012.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.