Squid · Squid · CVE-2020-14058
**Name of the Vulnerable Software and Affected Versions**
Squid versions prior to 4.12
Squid versions 5.x prior to 5.0.3
**Description**
An issue was discovered in Squid due to the use of a potentially dangerous function. Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
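The failure pattern described above, as an added C++ illustration. It is not Squid source code; the table, function names and error values are hypothetical and constructed for the example. It shows a lookup that maps unrecognized values to NULL, a consumer that assumes a string always exists, and a hardened consumer that falls back to the numeric value.

```cpp
// Added illustration of the bug class; not Squid source code.
// All names and error values below are hypothetical.
#include <cstdio>
#include <string>

struct ErrorEntry { int code; const char *name; };

// Constructed table: the only error values this build "recognizes".
static const ErrorEntry kKnownErrors[] = {
    {10, "ERR_EXPIRED"},
    {18, "ERR_SELF_SIGNED"},
    {20, "ERR_UNKNOWN_ISSUER"},
};

// Lookup as the description states it: unrecognized values map to NULL.
const char *errorName(int code) {
    for (const ErrorEntry &e : kKnownErrors)
        if (e.code == code) return e.name;
    return nullptr;
}

// Fragile consumer: expects every value to have a string. For an
// unrecognized code this appends a null pointer to a std::string, which
// is undefined behaviour and typically terminates the process.
std::string formatUnsafe(int code) {
    return std::string("error_name=") + errorName(code);
}

// Hardened consumer: checks the lookup result and falls back to the
// numeric form, so a value chosen by the remote server cannot crash it.
std::string formatSafe(int code) {
    if (const char *name = errorName(code))
        return std::string("error_name=") + name;
    char buf[32];
    std::snprintf(buf, sizeof buf, "error_no=%d", code);
    return std::string(buf);
}

int main() {
    std::printf("%s\n", formatSafe(10).c_str());   // recognized value
    std::printf("%s\n", formatSafe(9999).c_str()); // unrecognized value
    return 0;
}
```

`formatUnsafe` is kept only for comparison and is never called with an unrecognized value.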
**Recommendations**
For Squid versions prior to 4.12, update to version 4.12 or later.
For Squid versions 5.x prior to 5.0.3, update to version 5.0.3 or later.