PT-2024-9208 · Apache+3 · Apache Traffic Server+3

Masakazu Kitajo · Published 2024-11-12 · Updated 2026-02-18 · CVE-2024-50305

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.2.0 through 9.2.5
Description: The issue is related to insufficient input validation when handling the Host header field, which can cause Apache Traffic Server to crash on some platforms. This can be exploited by a remote attacker to cause a denial of service.
Recommendations: For versions 9.2.0 through 9.2.5, upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. As a temporary workaround, consider restricting access to the Host header field to minimize the risk of exploitation.

Fix

Improper Resource Release

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-10896
CVE-2024-50305
DSA-5896-1
OESA-2024-2470
OESA-2026-1019
USN-8050-1

Affected Products

Apache Traffic Server
Debian
Linuxmint
Ubuntu