CVE-2024-37894

Summary

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

Affected Software

VendorProductVersion RangeStatus
squid-cachesquid>= 3.0, <= 3.5.28affected
squid-cachesquid>= 4.0, <= 4.16affected
squid-cachesquid>= 5.0, <= 5.9affected
squid-cachesquid>= 6.0, <= 6.9affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References