Squid · Squid · CVE-2016-2390
**Name of the Vulnerable Software and Affected Versions**
Squid versions prior to 3.5.14
Squid versions 4.0.x prior to 4.0.6
**Description**
The issue arises from insufficient input validation in the FwdState::connectedToPeer method of the Squid proxy server. This can be exploited by a remote attacker to cause a denial of service, resulting in the application crashing, by sending an unencrypted HTTP message.
**Recommendations**
For Squid versions prior to 3.5.14, update to version 3.5.14 or later to resolve the issue.
For Squid versions 4.0.x prior to 4.0.6, update to version 4.0.6 or later to resolve the issue.