CVE-2024-37894

medium

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an out-of-bounds write error when assigning ESI variables, Squid is susceptible to memory corruption. This error can lead to a denial-of-service attack.

References

https://security.netapp.com/advisory/ntap-20240719-0001/

https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg

https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch

Details

Source: Mitre, NVD

Published: 2024-06-25

Updated: 2024-07-19

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity: Medium