CVE-2024-37894

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-37894
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37894.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-37894
Aliases
  • GHSA-wgvf-q977-9xjg
Downstream
Related
Published
2024-06-25T19:39:02.376Z
Modified
2025-11-30T21:53:37.572728Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
Squid vulnerable to heap corruption in ESI assign
Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

Database specific 
{
    "cwe_ids": [
        "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37894.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f411fe7d75197852f0e5ee85027a06d58dd8df4c

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "136579892457248253522224572336865689733",
                "209607261777207201621458079994525865211",
                "194519298064124037727292616379541203745",
                "91837221106724373053315540135953379279"
            ]
        },
        "id": "CVE-2024-37894-2ecd428f",
        "signature_type": "Line",
        "source": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c",
        "target": {
            "file": "lib/libTrie/TrieNode.cc"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 384.0,
            "function_hash": "17847592305448835666618485505342291609"
        },
        "id": "CVE-2024-37894-78752b81",
        "signature_type": "Function",
        "source": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c",
        "target": {
            "function": "TrieNode::add",
            "file": "lib/libTrie/TrieNode.cc"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37894.json"