CVE-2024-37894
published 2024-06-25

Priority: P3 37 medium
CVSS 3.1: 6.3
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS: 6.25% (92.7th percentile)

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 5.7-2+deb12u2 (bookworm) | squid 5.7-2+deb12u2 (bookworm) |
| squid-cache | squid | | |
| squid-cache | squid | | |
| squid-cache | squid | | |
| squid-cache | squid | | |
| squid-cache | squid | >= 3.0 < 6.10 | 6.10 |
| squid | squid | >= 0 < 4.13-10+deb11u4 | 4.13-10+deb11u4 |
| squid | squid | >= 0 < 5.7-2+deb12u2 | 5.7-2+deb12u2 |
| squid | squid | >= 0 < 6.10-1 | 6.10-1 |
| squid | squid | >= 0 < 6.10-1 | 6.10-1 |

CVSS provenance

nvd: v3.1, 6.3 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
osv: 6.3 MEDIUM
vendor_debian: 6.3 MEDIUM
vendor_redhat: 6.3 MEDIUM