CVE-2024-50306

Published: Nov 14, 2024Modified: Nov 3, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

Affected (2)

Products: Apache: Traffic Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 10.0.0 to 10.0.2
Apache Traffic Server	From 9.0.0 to 9.2.6

Related CWEs

Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References (2)

https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.