CVE-2024-37894 — Out-of-bounds Write in Squid

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.3MEDIUMNVD

EPSS

1.3%

top 20.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid-cache Squid

Timeline

PublishedJun 25

Latest updateJul 23

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages3 packages

▶NVDsquid-cache/squid3.0 — 6.10

▶Debiansquid/squid< 4.13-10+deb11u4+3

▶CVEListV5squid-cache/squid4 versions+3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Squid vulnerable to heap corruption in ESI assign↗2024-06-25

▶

OSV

CVE-2024-37894: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more↗2024-06-25

▶

📋Vendor Advisories

Ubuntu

Squid vulnerability↗2024-07-23

▶

Red Hat

squid: Out-of-bounds write error may lead to Denial of Service↗2024-06-25

▶

Debian

CVE-2024-37894: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ...↗2024

▶