VSV00012: Vulnerability in vmod_digest

Poul-Henning Kamp phk at phk.freebsd.dk
Thu Aug 17 07:16:18 UTC 2023

A base64 decoding vulnerability has been discovered in vmod-digest.

Vmod-digest is a 3rd party VMOD, maintained and distributed
by Varnish Software, but since it was one of the first VMODs
and has seen very wide deployment, we consider this vulnerability
important enough to issue a VSV, even though no code maintained
by the Varnish Cache Project is involved.

More info at:





Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-announce mailing list