CVE-2024-50306
Publication date 14 November 2024
Last updated 30 May 2025
Ubuntu priority
Cvss 3 Severity Score
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Status
Package | Ubuntu Release | Status |
---|---|---|
trafficserver | 25.04 plucky |
Needs evaluation
|
24.10 oracular |
Needs evaluation
|
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-50306
- https://www.openwall.com/lists/oss-security/2024/11/13/1
- https://github.com/apache/trafficserver/pull/11855
- https://github.com/apache/trafficserver/commit/27f504883547502b1f5e4e389edd7f26e3ab246f (9.2.6-rc0)
- https://github.com/apache/trafficserver/commit/ae638096e259121d92d46a9f57026a5ff5bc328b (master)
- https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y