From phk at phk.freebsd.dk Thu Aug 17 07:16:18 2023
From: phk at phk.freebsd.dk (Poul-Henning Kamp)
Date: Thu, 17 Aug 2023 07:16:18 +0000
Subject: VSV00012: Vulnerability in vmod_digest
Message-ID: <202308170716.37H7GIgO016452@critter.freebsd.dk>

A base64 decoding vulnerability has been discovered in vmod-digest.

Vmod-digest is a 3rd party VMOD, maintained and distributed by
Varnish Software, but since it was one of the first VMODs and has
seen very wide deployment, we consider this vulnerability important
enough to issue a VSV, even though no code maintained by the Varnish
Cache Project is involved.

More info at:

    https://varnish-cache.org/security/VSV00012.html

and:

    https://docs.varnish-software.com/security/VSV00012/

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG      | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.