CVE-2024-37894 MEDIUM

CVE-2024-37894: Squid vulnerable to heap corruption in ESI assign

Vendor Squid-Cache
Product squid
Weakness CWE-787
Published June 25, 2024
Last update November 3, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01 Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an out-of-bounds write error when assigning ESI variables, Squid is susceptible to memory corruption. This error can lead to a denial-of-service attack.

Key dates

02 Disclosure timeline

June 25, 2024 CVE published
November 3, 2025 Record updated