Products
Squid
Source
security-advisories@github.com
Tags
CVE-2024-37894 details
Published : June 25, 2024, 8:15 p.m.
Last Modified : June 25, 2024, 8:15 p.m.
Last Modified : June 25, 2024, 8:15 p.m.
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.3 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-787 | Out-of-bounds Write | The product writes data past the end, or before the beginning, of the intended buffer. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
6.3
Exploitability Score
1.8
Impact Score
4.0
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References
| URL | Source |
|---|---|
| https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch | security-advisories@github.com |
| https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.