Lucene search
GitHub_MCVELIST:CVE-2024-37894HistoryJun 25, 2024 - 7:39 p.m.
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
2024-06-2519:39:02
CWE-787
GitHub_M
www.cve.org
2
squid
proxy
vulnerability
out-of-bounds write
memory corruption
denial of service
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
9.1%
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CNA Affected
[
{
"vendor": "squid-cache",
"product": "squid",
"versions": [
{
"version": ">= 3.0, <= 3.5.28",
"status": "affected"
},
{
"version": ">= 4.0, <= 4.16",
"status": "affected"
},
{
"version": ">= 5.0, <= 5.9",
"status": "affected"
},
{
"version": ">= 6.0, <= 6.9",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
2024-06-25 19:39:02
alpinelinux
alpinelinux
CVE-2024-37894
2024-06-25 20:15:11
debiancve
debiancve
CVE-2024-37894
2024-06-25 20:15:11
openvas
openvas
Squid DoS Vulnerability (GHSA-wgvf-q977-9xjg, SQUID-2024:3)
2023-10-20 00:00:00
redhatcve
redhatcve
CVE-2024-37894
2024-06-26 01:21:26
nvd
nvd
CVE-2024-37894
2024-06-25 20:15:11
cve
cve
CVE-2024-37894
2024-06-25 20:15:11
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-37894