How severe is CVE-2024-23638?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-23638?

This is classified as CWE-825, which is a common weakness in software security.

CVE-2024-23638

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-825

View all →

Vulnerability Description

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.

CVE-2025-30653

MEDIUM

CVSS:6.5(Medium)

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service ...

CWE-8252025

CVE-2024-45105

MEDIUM

CVSS:6.7(Medium)

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execut...

CWE-8252024

CVE-2024-28889

MEDIUM

CVSS:5.9(Medium)

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Managem...

CWE-8252024

CVE-2019-15691

HIGH

CVSS:7.2(High)

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder ...

CWE-8252019

CVE-2023-20212

HIGH

CVSS:7.5(High)

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic ...

CWE-8252023

CVE-2024-39792

HIGH

CVSS:7.5(High)

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CWE-8252024

CVE-2024-23638

Vulnerability Description

Related Vulnerabilities

CVE-2025-30653

CVE-2024-45105

CVE-2024-28889

CVE-2019-15691

CVE-2023-20212

CVE-2024-39792