Skip to main content

Squid CVE-2024-37894

MEDIUM
Out-of-bounds Write (CWE-787)
2024-06-25 security-advisories@github.com
6.3
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
6.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from Vendor (github) · only source for this CVE.

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2024 - 20:15 cve.org
MEDIUM 6.3

DescriptionCVE.org

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

AnalysisAI

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. Affected products include: Squid-Cache Squid.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Squid

View all
CVE-2016-4553 HIGH
8.6 May 10

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI i

CVE-2016-4054 HIGH
8.1 Apr 25

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via cr

CVE-2016-4555 HIGH POC
7.5 May 10

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of servi

CVE-2016-3947 HIGH
8.2 Apr 07

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and

CVE-2013-4123 MEDIUM POC
5.0 Sep 16

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of

CVE-2013-4115 HIGH
7.5 Aug 09

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows

CVE-2016-4554 HIGH
8.6 May 10

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly c

CVE-2014-7141 MEDIUM
6.4 Nov 26

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of servic

CVE-2014-3609 MEDIUM
5.0 Sep 11

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (

CVE-2016-2569 HIGH
7.5 Feb 27

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote server

CVE-2016-3948 HIGH
7.5 Apr 07

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause

CVE-2014-7142 MEDIUM
6.4 Nov 26

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of servic

Share

CVE-2024-37894 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy