CVE-2024-37894

6.3 MEDIUM

📋 TL;DR

Squid caching proxy versions 6.0.1 through 6.9 and 5.0.5 through 5.9 are vulnerable to memory corruption due to an out-of-bounds write error when assigning ESI variables. This vulnerability can be exploited to cause denial of service, potentially crashing Squid instances. Organizations using vulnerable Squid versions as web proxies are affected.

💻 Affected Systems

Products:
  • Squid caching proxy
Versions: Squid 6.0.1 through 6.9, Squid 5.0.5 through 5.9
Operating Systems: All operating systems running Squid
Default Config Vulnerable: ⚠️ Yes
Notes: All Squid configurations with ESI (Edge Side Includes) processing enabled are vulnerable. ESI is used for dynamic content assembly in caching proxies.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption with Squid process crashes leading to proxy service unavailability, potentially affecting all web traffic through the proxy.

🟠

Likely Case

Denial of service through Squid crashes requiring service restarts, causing temporary web proxy service interruptions.

🟢

If Mitigated

Limited impact with quick detection and restart capabilities, though service interruptions may still occur during exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted HTTP requests to trigger the ESI variable assignment bug. No authentication is required if Squid is accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Squid 6.10 and 5.10

Vendor Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg

Restart Required: Yes

Instructions:

1. Download Squid 6.10 or 5.10 from official sources.
2. Stop the Squid service.
3. Back up configuration files.
4. Install the updated version.
5. Restart the Squid service.

🔧 Temporary Workarounds

Disable ESI processing (applies to: all)

Disable Edge Side Includes processing to prevent exploitation of the vulnerability.

Add 'esi_disable on' to squid.conf and restart Squid.

Restrict access to Squid (applies to: all)

Limit which clients can access Squid to reduce the attack surface.

Configure ACLs in squid.conf to restrict access to trusted networks only.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Squid instances from untrusted networks
  • Deploy WAF or reverse proxy in front of Squid to filter malicious requests

🔍 How to Verify

Check if Vulnerable:

Check the Squid version with 'squid -v' and verify whether it falls within the affected ranges (6.0.1-6.9 or 5.0.5-5.9).

Check Version:

squid -v | grep Version

Verify Fix Applied:

Verify that the Squid version is 6.10 or higher, or 5.10 or higher, after patching.
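As an added example (not from this advisory or the Squid project), the following POSIX shell snippet automates the version check above: it extracts the version from a 'squid -v' banner and classifies it against the affected and fixed ranges stated on this page. The banner text is a constructed sample and the function names are my own.

```shell
#!/bin/sh
# Added example for this advisory, not code from the Squid project:
# classify a Squid version against the CVE-2024-37894 ranges stated above
# (affected: 6.0.1 through 6.9 and 5.0.5 through 5.9; fixed: 6.10+ and 5.10+).
# Versions are compared numerically, segment by segment (POSIX sh, no sort -V).

# version_cmp A B -> prints -1, 0 or 1 for A<B, A=B, A>B (numeric dotted versions only)
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"            # leading segment of each side
        if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
        ah="${ah:-0}"; bh="${bh:-0}"             # missing segment counts as 0 (6.9 = 6.9.0)
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# version_ge / version_lt -> exit status only, for use in conditions
version_ge() { [ "$(version_cmp "$1" "$2")" -ge 0 ]; }
version_lt() { [ "$(version_cmp "$1" "$2")" -lt 0 ]; }

# cve_2024_37894_status VERSION -> prints affected | fixed | out-of-scope
cve_2024_37894_status() {
    v="$1"
    if version_ge "$v" 6.0.1 && version_lt "$v" 6.10; then printf '%s\n' affected
    elif version_ge "$v" 5.0.5 && version_lt "$v" 5.10; then printf '%s\n' affected
    elif version_ge "$v" 6.10; then printf '%s\n' fixed
    elif version_ge "$v" 5.10 && version_lt "$v" 6; then printf '%s\n' fixed
    else printf '%s\n' out-of-scope   # e.g. 4.x or 6.0.0: not listed in this advisory
    fi
}

# squid_version_from_banner -> reads 'squid -v' output on stdin, prints the version number
squid_version_from_banner() {
    sed -n 's/^Squid Cache: Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Constructed sample banner standing in for a real 'squid -v' run on one host:
SAMPLE_BANNER='Squid Cache: Version 6.9
Service Name: squid
configure options: --enable-esi'

ver="$(printf '%s\n' "$SAMPLE_BANNER" | squid_version_from_banner)"
printf 'squid %s: %s\n' "$ver" "$(cve_2024_37894_status "$ver")"
```

Replace the sample banner with the real output of 'squid -v' (for example, 'squid -v | squid_version_from_banner') to check a host in place.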

📡 Detection & Monitoring

Log Indicators:

  • Multiple segmentation fault or crash entries in squid logs
  • Unusual ESI processing errors
  • Service restart patterns

Network Indicators:

  • HTTP requests with malformed ESI components
  • Unusual traffic patterns to Squid ESI endpoints

SIEM Query:

source="squid_access.log" AND (error OR crash OR segmentation)
