Squid Caching Proxy Vulnerable to Memory Corruption Attack
CVE-2024-37894

6.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 25 June 2024

What is CVE-2024-37894?

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an out-of-bounds write error when assigning ESI variables, Squid is susceptible to memory corruption. This error can lead to a denial-of-service attack.

Affected Version(s)

squid >= 3.0, <= 3.5.28

squid >= 4.0, <= 4.16

squid >= 5.0, <= 5.9

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved