Bfek-18

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.x through 3.5.17 Squid versions 4.x through 4.0.9 **Description** The issue allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. This is related to the `client side request.cc` file in Squid. **Recommendations** For Squid versions 3.x through 3.5.17, update to version 3.5.18 or later. For Squid versions 4.x through 4.0.9, update to version 4.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.x through 3.5.17 Squid versions 4.x through 4.0.9 **Description** The issue is related to a double free vulnerability in the Esi.cc component. This vulnerability allows remote servers to cause a denial of service, resulting in a crash, by sending a crafted Edge Side Includes (ESI) response. **Recommendations** For Squid versions 3.x through 3.5.17, update to version 3.5.18 or later. For Squid versions 4.x through 4.0.9, update to version 4.0.10 or later.