OpenCVE

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
squid-7:5.5-13.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4861	2024-07-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
squid-7:5.5-5.el9_2.7	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5906	2024-08-27T00:00:00Z

References

Link	Providers
https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html
https://nvd.nist.gov/vuln/detail/CVE-2024-37894
https://security.netapp.com/advisory/ntap-20240719-0001/
https://www.cve.org/CVERecord?id=CVE-2024-37894

History

Wed, 28 Aug 2024 06:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2
Vendors & Products		Redhat rhel Eus

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-25T19:39:02.376Z

Updated: 2024-08-02T03:57:39.982Z

Reserved: 2024-06-10T19:54:41.361Z

Link: CVE-2024-37894

Vulnrichment

Updated: 2024-06-26T14:07:08.052Z

NVD

Status : Awaiting Analysis

Published: 2024-06-25T20:15:11.873

Modified: 2024-11-21T09:24:29.227

Link: CVE-2024-37894

Redhat

Severity : Moderate

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-37894 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-37894", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-10T19:54:41.361Z", "datePublished": "2024-06-25T19:39:02.376Z", "dateUpdated": "2024-08-02T03:57:39.982Z"}, "containers": {"cna": {"title": "Squid vulnerable to heap corruption in ESI assign", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"}, {"name": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "tags": ["x_refsource_MISC"], "url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"}, {"url": "https://security.netapp.com/advisory/ntap-20240719-0001/"}], "affected": [{"vendor": "squid-cache", "product": "squid", "versions": [{"version": ">= 3.0, <= 3.5.28", "status": "affected"}, {"version": ">= 4.0, <= 4.16", "status": "affected"}, {"version": ">= 5.0, <= 5.9", "status": "affected"}, {"version": ">= 6.0, <= 6.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-25T19:39:02.376Z"}, "descriptions": [{"lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack."}], "source": {"advisory": "GHSA-wgvf-q977-9xjg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T14:07:04.077026Z", "id": "CVE-2024-37894", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:07:11.424Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:57:39.982Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"}, {"name": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"}, {"url": "https://security.netapp.com/advisory/ntap-20240719-0001/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37894", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T14:07:04.077026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:07:08.052Z"}}], "cna": {"title": "Squid vulnerable to heap corruption in ESI assign", "source": {"advisory": "GHSA-wgvf-q977-9xjg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "squid-cache", "product": "squid", "versions": [{"status": "affected", "version": ">= 3.0, <= 3.5.28"}, {"status": "affected", "version": ">= 4.0, <= 4.16"}, {"status": "affected", "version": ">= 5.0, <= 5.9"}, {"status": "affected", "version": ">= 6.0, <= 6.9"}]}], "references": [{"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "name": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", "tags": ["x_refsource_MISC"]}, {"url": "https://security.netapp.com/advisory/ntap-20240719-0001/"}], "descriptions": [{"lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-25T19:39:02.376Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37894", "state": "PUBLISHED", "dateUpdated": "2024-06-25T19:39:02.376Z", "dateReserved": "2024-06-10T19:54:41.361Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-25T19:39:02.376Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack."}, {"lang": "es", "value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de escritura fuera de los l\u00edmites al asignar variables ESI, Squid es susceptible a un error de corrupci\u00f3n de memoria. Este error puede provocar un ataque de denegaci\u00f3n de servicio."}], "id": "CVE-2024-37894", "lastModified": "2024-11-21T09:24:29.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-25T20:15:11.873", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"}, {"source": "security-advisories@github.com", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20240719-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240719-0001/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4861", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "squid-7:5.5-13.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:5906", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "squid-7:5.5-5.el9_2.7", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-27T00:00:00Z"}], "bugzilla": {"description": "squid: Out-of-bounds write error may lead to Denial of Service", "id": "2294353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294353"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.", "A flaw was found in Squid. An out-of-bounds write can be triggered when an Edge Side Includes (ESI) variable is assigned to a value not in the standard ASCII range, for example, multi-byte characters. This flaw allows a trusted server to crash Squid while processing an ESI response content, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-37894", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "squid:4/squid", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37894\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37894\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg\nhttps://megamansec.github.io/Squid-Security-Audit/esi-underflow.html"], "statement": "Squid as shipped in Red Hat Enterprise Linux 8 and 9 is vulnerable to this vulnerability as the ESI support is enabled by default.\nThis flaw requires Squid to be in a reverse proxy configuration and using an ESI variable with non ASCII characters, allowing a trusted server to cause a denial of service. For these reasons, this flaw was rated with a Moderate severity.", "threat_severity": "Moderate"}