CVE-2024-50306

CWE-252 — Unchecked Return Value5 documents5 sources

Severity

9.1CRITICAL

EPSS

0.8%

top 25.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server

Timeline

PublishedNov 14

Description

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/traffic_server9.0.0 — 9.2.6+1

▶CVEListV5apache_software_foundation/apache_traffic_server9.2.0 — 9.2.5+1

▶Debiantrafficserver< 8.1.11+ds-0+deb11u2+1

🔴Vulnerability Details

GHSA

GHSA-6j2p-q7p9-hmxw: Unchecked return value can allow Apache Traffic Server to retain privileges on startup↗2024-11-14

▶

CVEList

Apache Traffic Server: Server process can fail to drop privilege↗2024-11-14

▶

OSV

CVE-2024-50306: Unchecked return value can allow Apache Traffic Server to retain privileges on startup↗2024-11-14

▶

📋Vendor Advisories

Debian

CVE-2024-50306: trafficserver - Unchecked return value can allow Apache Traffic Server to retain privileges on s...↗2024

▶