Unrated severityNVD Advisory· Published Jun 25, 2024· Updated Nov 3, 2025
Squid vulnerable to heap corruption in ESI assign
CVE-2024-37894
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords12 versionspkg:rpm/almalinux/squidpkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 7:5.5-13.el9_4+ 11 more
- (no CPE)range: < 7:5.5-13.el9_4
- (no CPE)range: < 5.7-150400.3.32.1
- (no CPE)range: < 6.10-150600.3.6.1
- (no CPE)range: < 6.10-1.1
- (no CPE)range: < 4.17-150000.5.55.1
- (no CPE)range: < 4.17-150000.5.55.1
- (no CPE)range: < 5.7-150400.3.32.1
- (no CPE)range: < 6.10-150600.3.6.1
- (no CPE)range: < 4.17-4.50.1
- (no CPE)range: < 4.17-150000.5.55.1
- (no CPE)range: < 4.17-4.50.1
- (no CPE)range: < 4.17-150000.5.55.1
- Range: >= 3.0, <= 3.5.28
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patchmitrex_refsource_MISC
- github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjgmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20240719-0001/mitre
News mentions
0No linked articles in our index yet.