Squid · Squid · CVE-2016-2570
**Name of the Vulnerable Software and Affected Versions**
Squid versions 3.x through 3.5.14
Squid versions 4.x through 4.0.6
**Description**
The Edge Side Includes (ESI) parser in Squid does not properly check buffer limits during XML parsing. A remote HTTP server can send a crafted XML document that triggers an assertion failure and daemon exit, causing a denial of service. The problem is associated with the files esi/CustomParser.cc and esi/CustomParser.h.
**Recommendations**
For Squid versions 3.x through 3.5.14, update to version 3.5.15 or later.
For Squid versions 4.x through 4.0.6, update to version 4.0.7 or later.
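To apply the recommendations across a fleet, the following added example (not code from the Squid project or from this advisory) classifies a Squid version string against the ranges listed above. It assumes the input is either a bare version, the `Squid Cache: Version X.Y.Z` line printed by `squid -v`, or a `squid/X.Y.Z` token; the function names and sample inputs are constructed for illustration.

```python
import re

# Last affected release per major branch and the first fixed release,
# exactly as listed in this advisory.
ADVISORY = {
    3: ((3, 5, 14), "3.5.15"),
    4: ((4, 0, 6), "4.0.7"),
}

_TAGGED = re.compile(r"(?:Version\s+|squid/)(\d+)\.(\d+)(?:\.(\d+))?", re.I)
_BARE = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a banner or bare version, else None."""
    m = _TAGGED.search(text) or _BARE.match(text)
    if m is None:
        return None
    # A missing third field (e.g. "3.0.STABLE26") is treated as patch 0.
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """Return (status, fixed_release) for CVE-2016-2570."""
    version = parse_version(text)
    if version is None:
        return ("unknown", None)
    entry = ADVISORY.get(version[0])
    if entry is None:
        # Branches other than 3.x and 4.x are not covered by this page.
        return ("not_listed", None)
    last_affected, fixed = entry
    if version <= last_affected:
        return ("affected", fixed)
    return ("fixed", None)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = [
        "Squid Cache: Version 3.5.14",
        "squid/4.0.6",
        "3.5.15",
        "4.0.7",
    ]
    for s in samples:
        status, fixed = classify(s)
        print(f"{s!r}: {status}" + (f", update to {fixed} or later" if fixed else ""))
```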