Nathan Hoad

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.2 through 3.2.11 Squid versions 3.3 through 3.3.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and server termination, via a long name in a DNS lookup request. This is due to a buffer overflow in the `idnsALookup` function. **Recommendations** For Squid versions 3.2 through 3.2.11, update to a version outside of this range to resolve the issue. For Squid versions 3.3 through 3.3.6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the length of names in DNS lookup requests to prevent exploitation.