Vulnerability Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | >= 3.0, < 6.10 |
Related Weaknesses (CWE)
References
- https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8Patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjgPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20240719-0001/Third Party Advisory
- https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8Patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjgPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2025/03/msg00009.html
- https://security.netapp.com/advisory/ntap-20240719-0001/Third Party Advisory
FAQ
What is CVE-2024-37894?
CVE-2024-37894 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This er...
How severe is CVE-2024-37894?
CVE-2024-37894 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37894?
Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.