CVE-2024-37894

Name: CVE-2024-37894
Description: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
NVD Severity: medium

References

| Type | URI |
|---|---|
| CONFIRM | https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg |
| MISC | https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | squid | >= 3.0 | <= 3.5.28 |
| | squid | >= 4.0 | <= 4.16 |
| | squid | >= 5.0 | <= 5.9 |
| | squid | >= 6.0 | <= 6.9 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| squid | 3.20-main | 6.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.19-main | 6.6-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.18-main | 5.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.17-main | 5.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.16-main | 5.5-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |