Lucene search
UbuntuUSN-6907-1HistoryJul 23, 2024 - 12:00 a.m.
Squid vulnerability
2024-07-2300:00:00
ubuntu.com
12
squid
ubuntu 24.04 lts
ubuntu 22.04 lts
ubuntu 20.04 lts
ubuntu 18.04 esm
ubuntu 16.04 esm
web proxy cache server
memory corruption error
denial of service
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.6
Confidence
High
Releases
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- squid - Web proxy cache server
- squid3 - Web proxy cache server
Details
Joshua Rogers discovered that Squid did not properly handle multi-byte
characters during Edge Side Includes (ESI) processing. A remote attacker
could possibly use this issue to cause a memory corruption error, leading
to a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | squid | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-cgi | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-cgi-dbgsym | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-common | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-dbgsym | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-openssl | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-openssl-dbgsym | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-purge | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squid-purge-dbgsym | < 6.6-1ubuntu5.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | squidclient | < 6.6-1ubuntu5.1 | UNKNOWN |
References
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2270-1)
2024-07-03 00:00:00
openSUSE: Security Advisory for squid (SUSE-SU-2024:2268-1)
2024-07-10 00:00:00
Ubuntu: Security Advisory (USN-6907-1)
2024-07-24 00:00:00
redos
redos
ROS-20240729-20
2024-07-29 00:00:00
alpinelinux
alpinelinux
CVE-2024-37894
2024-06-25 20:15:11
nessus
nessus
SUSE SLES12 Security Update : squid (SUSE-SU-2024:2270-1)
2024-07-03 00:00:00
Amazon Linux 2023 : squid (ALAS2023-2024-687)
2024-08-06 00:00:00
Photon OS 5.0: Squid PHSA-2024-5.0-0309
2024-07-24 00:00:00
debiancve
debiancve
CVE-2024-37894
2024-06-25 20:15:11
redhatcve
redhatcve
CVE-2024-37894
2024-06-26 01:21:26
osv
osv
squid-6.10-1.1 on GA media
2024-06-27 00:00:00
CVE-2024-37894
2024-06-25 20:15:00
squid, squid3 vulnerability
2024-07-23 15:24:29
vulnrichment
vulnrichment
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
2024-06-25 19:39:02
mageia
mageia
Updated squid packages fix security vulnerability
2024-07-14 08:23:38
cvelist
cvelist
CVE-2024-37894 Squid vulnerable to heap corruption in ESI assign
2024-06-25 19:39:02
ubuntucve
ubuntucve
CVE-2024-37894
2024-06-25 00:00:00
nvd
nvd
CVE-2024-37894
2024-06-25 20:15:11
amazon
amazon
Medium: squid
2024-08-01 03:01:00
cve
cve
CVE-2024-37894
2024-06-25 20:15:11
redhat
redhat
(RHSA-2024:5906) Moderate: squid security update
2024-08-27 18:11:31
(RHSA-2024:4861) Moderate: squid security update
2024-07-25 08:15:50
fedora
fedora
[SECURITY] Fedora 39 Update: squid-6.10-1.fc39
2024-07-11 01:22:26
[SECURITY] Fedora 40 Update: squid-6.10-1.fc40
2024-07-11 01:15:52
oraclelinux
oraclelinux
squid security update
2024-07-25 00:00:00
rocky
rocky
squid security update
2024-07-26 12:33:59
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0309
2024-07-02 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0645
2024-07-02 00:00:00
almalinux
almalinux
Moderate: squid security update
2024-07-25 00:00:00
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.6
Confidence
High
Related for USN-6907-1