CVE-2024-37894

Squid vulnerable to heap corruption in ESI assign

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

We have discovered 8,504 live websites that are affected by CVE-2024-37894.

Test my site



Affected Software

Product  squid
Category Cache Tools
Vulnerable Domains8,504 live websites (83.84% of squid install base)
Vulnerable Versions
  • from 3 through 3.5.28
  • from 4 through 4.16
  • from 5 through 5.9
  • from 6 through 6.9
Vulnerable Versions Count61 versions ( 89.71% of all versions)


Common Weakness Enumeration

CWE-787 Out-of-bounds Write



Details

  • Published - Jun 25, 2024
  • Updated - Feb 13, 2025

CVE-2024-37894 usage by Country

United States895 websites


Germany4,309 websites
GB570 websites
France341 websites
Poland313 websites
China309 websites
Spain268 websites
Italy161 websites
Czech Republic150 websites
Austria133 websites

CVE-2024-37894 usage by TLD

.de2,720 websites
.com1,965 websites
.co.uk413 websites
.org354 websites
.fr311 websites
.net281 websites
.es228 websites
.pl201 websites
.at180 websites
.ca148 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-37894

Top websites that are affected by CVE-2024-37894. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
****.*********.net GB*,***
***.org United States*,***
*********.net GB*,***
*****.edu United States*,***
*********.**.uk GB**,***
*****.******.********.edu United States**,***
*****.org France**,***
****.*********.net GB**,***
*****.*****.ca Canada**,***
************.de Germany**,***
See full domain list

FAQ

CVE-2024-37894 is Out-of-bounds Write in squid
A total of 8,504 websites have been identified as vulnerable to CVE-2024-37894, discovered through global website indexing conducted by WebTechSurvey.
squid is susceptible to CVE-2024-37894 vulnerability.
squid versions before, and including, 6.9 are vulnerable to CVE-2024-37894.