CVE-2024-50305

CWE-20Improper Input ValidationCWE-120Classic Buffer Overflow6 documents6 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedNov 14
Latest updateFeb 18

Description

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/traffic_server9.0.09.2.6
Debiantrafficserver< 9.2.5+ds-0+deb12u2

🔴Vulnerability Details

3
CVEList
Apache Traffic Server: Valid Host field value can cause crashes2024-11-14
GHSA
GHSA-45gh-j7vr-755q: Valid Host header field can cause Apache Traffic Server to crash on some platforms2024-11-14
OSV
CVE-2024-50305: Valid Host header field can cause Apache Traffic Server to crash on some platforms2024-11-14

📋Vendor Advisories

2
Ubuntu
Apache Traffic Server vulnerability2026-02-18
Debian
CVE-2024-50305: trafficserver - Valid Host header field can cause Apache Traffic Server to crash on some platfor...2024
CVE-2024-50305 (HIGH CVSS 7.5) | Valid Host header field can cause A | cvebase.io