vulnerability

FreeBSD: VID-64bec4c7-d785-11f0-a1c0-0050569f0b83 (CVE-2023-41104): www/varnish-libvmod-digest -- base64 decoding vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Dec 12, 2025	Jan 27, 2026	Jan 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Dec 12, 2025

Added

Jan 27, 2026

Modified

Jan 27, 2026

Description

varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker (for example the result of the decoding is added to a response header), then there is the potential for information disclosure from reading out of band workspace data.

Solution

freebsd-upgrade-package-varnish-libvmod-digest

References

CVE-2023-41104
https://attackerkb.com/topics/CVE-2023-41104
CWE-119

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today