http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Vulnerable Systems:
* Squid 3.x before 3.5.15 and 4.x before 4.0.7
Immune Systems:
* Squid 3.x from 3.5.15 onward and 4.x from 4.0.7 onward
Some vulnerabilities were reported in Squid. A remote user can cause denial of service conditions on the target client systems. A remote server can return a specially crafted HTTP response to trigger an overflow in the proxy, causing all connected client users to be disconnected.
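To check a proxy against the version ranges listed above, the following added example (not part of the original advisory or of Squid) classifies the banner printed by `squid -v`. The function names and the sample banners are constructed for illustration; the only assumption about Squid is that the banner contains "Squid Cache: Version X.Y.Z".

```python
import re

# First fixed release per major branch, as stated in the advisory.
FIXED = {3: (3, 5, 15), 4: (4, 0, 7)}

# `squid -v` starts with a line such as "Squid Cache: Version 3.5.12".
_BANNER = re.compile(r"Squid Cache: Version (\d+(?:\.\d+)*)")


def parse_version(banner):
    """Return the numeric version as a tuple padded to three parts, or None."""
    match = _BANNER.search(banner)
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # "3.5" becomes (3, 5, 0)


def classify(banner):
    """Return 'vulnerable', 'fixed', 'out-of-scope' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"            # banner not recognised; do not guess
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "out-of-scope"       # advisory only covers 3.x and 4.x
    return "vulnerable" if version[:3] < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "Squid Cache: Version 3.5.12",
        "Squid Cache: Version 3.5.15",
        "Squid Cache: Version 4.0.6",
        "Squid Cache: Version 4.0.7",
        "Squid Cache: Version 2.7.STABLE9",
        "nginx version: nginx/1.10.0",
    ]
    for line in samples:
        print(f"{classify(line):13} {line}")
```

Distribution packages may carry a backported fix under an older upstream version number, so a "vulnerable" result is a prompt to check the vendor changelog rather than a final verdict.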