CVE-2024-38311

Published: Mar 6, 2025Modified: Apr 29, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

Affected (2)

Products: Apache: Traffic Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 10.0.0 to 10.0.4
Apache Traffic Server	From 9.0.0 to 9.2.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Source: security@apache.org

Mailing ListVendor Advisory

Timeline

No history available yet.