CVE-2024-37894

EUVD-2024-36874
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
GitHub_MCNA
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
squid-cachesquid
3.0 ≤
𝑥
< 6.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bookworm
5.7-2+deb12u3
fixed
bookworm (security)
5.7-2+deb12u4
fixed
bullseye
vulnerable
bullseye (security)
4.13-10+deb11u6
fixed
forky
7.2-2
fixed
sid
7.2-2
fixed
trixie
6.13-2+deb13u1
fixed
trixie (security)
6.13-2+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid3
bionic
Fixed 3.5.27-1ubuntu1.14+esm3
released
focal
dne
jammy
dne
mantic
dne
noble
dne
xenial
Fixed 3.5.12-1ubuntu7.16+esm4
released
squid
focal
Fixed 4.10-1ubuntu1.13
released
jammy
Fixed 5.9-0ubuntu0.22.04.2
released
mantic
ignored
noble
Fixed 6.6-1ubuntu5.1
released
Common Weakness Enumeration
References
https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
https://security.netapp.com/advisory/ntap-20240719-0001/
https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
https://lists.debian.org/debian-lts-announce/2025/03/msg00009.html
https://security.netapp.com/advisory/ntap-20240719-0001/