CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f411fe7d75197852f0e5ee85027a06d58dd8df4c

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2024-37894-2ecd428f",
            "target": {
                "file": "lib/libTrie/TrieNode.cc"
            },
            "digest": {
                "line_hashes": [
                    "136579892457248253522224572336865689733",
                    "209607261777207201621458079994525865211",
                    "194519298064124037727292616379541203745",
                    "91837221106724373053315540135953379279"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2024-37894-78752b81",
            "target": {
                "file": "lib/libTrie/TrieNode.cc",
                "function": "TrieNode::add"
            },
            "digest": {
                "function_hash": "17847592305448835666618485505342291609",
                "length": 384.0
            },
            "signature_type": "Function"
        }
    ]
}