CVE-2024-37894

Updated: 2024-07-24 07:05:37.708916

Description:

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 6.3

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU squid 5.5 6.3 MEDIUM Needs Triage 2024-11-25 11:46:46
CentOS 6 ELS squid 3.1.23 6.3 MEDIUM Ignored 2024-07-25 05:18:04
CentOS 8.4 ELS squid 4.11-4 6.3 MEDIUM Ignored 2024-07-25 05:18:04
CentOS 8.5 ELS squid 4.15-1 6.3 MEDIUM Ignored 2024-07-25 05:18:04
CentOS Stream 8 ELS squid 4.15 6.3 MEDIUM Ignored 2024-07-25 05:18:04
CloudLinux 6 ELS squid 3.1.23 6.3 MEDIUM Ignored 2024-07-25 05:18:04
CloudLinux 7 ELS squid 3.5.20 6.3 MEDIUM Ignored 2024-07-25 05:18:04
Oracle Linux 6 ELS squid 3.1.23 6.3 MEDIUM Ignored 2024-07-25 05:18:04
Ubuntu 16.04 ELS squid 3.5.12-1 6.3 MEDIUM Released CLSA-2024:1725012247 2024-08-30 12:19:09
Ubuntu 18.04 ELS squid 3.5.27-1 6.3 MEDIUM Released CLSA-2024:1725012269 2024-08-30 12:19:10