VulnerableCode Package Details - pkg:deb/debian/trafficserver@9.2.5%2Bds-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4738-xk8n-hbac Aliases: CVE-2024-38311	Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.	There are no reported fixed by versions.
VCID-4hs3-be7k-9qe7 Aliases: CVE-2025-65114	Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.	There are no reported fixed by versions.
VCID-4uhe-mtbx-nfdu Aliases: CVE-2024-56195	Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.	There are no reported fixed by versions.
VCID-5e1r-3jec-tkhp Aliases: CVE-2025-49763	trafficserver: Traffic Server ESI Inclusion Depth Vulnerability	There are no reported fixed by versions.
VCID-c62p-6ghw-j3dv Aliases: CVE-2024-50305	Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.	There are no reported fixed by versions.
VCID-eay7-63um-43e9 Aliases: CVE-2024-53868	Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.	There are no reported fixed by versions.
VCID-jabw-thzt-63bb Aliases: CVE-2024-50306	Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.	There are no reported fixed by versions.
VCID-kjah-am9e-xkev Aliases: CVE-2024-56202	Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.	There are no reported fixed by versions.
VCID-rcdg-j23x-xfbn Aliases: CVE-2024-38479	Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.	There are no reported fixed by versions.
VCID-tevw-8dcp-yfh6 Aliases: CVE-2025-31698	trafficserver: Apache Traffic Server PROXY Protocol ACL Bypass	There are no reported fixed by versions.
VCID-ww3t-p3pq-gkhy Aliases: CVE-2025-58136	A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4738-xk8n-hbac
Aliases:
CVE-2024-38311

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.