Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CVE ID: CVE-2024-37894
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Vendor: squid-cache
Product: squid
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 18.39% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)