Lyu

**Name of the Vulnerable Software and Affected Versions** Squid versions 4.14 and 5.x through 5.0.5 **Description** The issue is related to an out-of-bounds read in WCCP protocol data, which can lead to information disclosure. This can be leveraged as part of a chain for remote code execution. The vulnerability is associated with a buffer read beyond its boundaries, allowing a remote attacker to gain access to confidential information by substituting the list of known Squid WCCP routers and redirecting traffic to a controlled router. **Recommendations** For Squid versions 4.14 and 5.x through 5.0.5, consider disabling the WCCP protocol as a temporary workaround until a patch is available. Restrict access to the WCCP protocol data to minimize the risk of exploitation. Avoid using configurations that allow information disclosure through the WCCP protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.