PT-2025-31674 · Squid +2

Starrynight · Published 2025-08-01 · Updated 2025-08-08 · CVE-2025-54574

CVSS v3.1: 9.3
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

**Name of the Vulnerable Software and Affected Versions:**

Squid versions 6.3 and below

Squid versions 4.x through 4.17

Squid versions 5.x through 5.9

**Description:**

Squid is vulnerable to a heap-based buffer overflow when processing Uniform Resource Name (URN) requests due to incorrect buffer management. This allows a remote attacker to potentially execute arbitrary code or leak up to 4KB of heap memory, which may contain sensitive information like session tokens and keys. The vulnerability occurs when processing specially crafted URN Trivial-HTTP responses. Over 53 million instances of the software have been identified, with over 27% potentially vulnerable.

**Recommendations:**

Squid versions prior to 6.4: Update to version 6.4 or later to resolve this issue.

Squid versions 4.x through 4.17: Update to version 6.4 or later to resolve this issue.

Squid versions 5.x through 5.9: Update to version 6.4 or later to resolve this issue.

As a temporary workaround, disable URN access permissions by adding the following to the Squid configuration:

```
acl URN proto URN
http_access deny URN
```

Then, restart Squid to apply the changes.
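As an added check that is not part of this advisory, the following helper flags Squid versions in the affected ranges listed above and verifies that a squid.conf applies the workaround where Squid will actually evaluate it (Squid stops at the first matching http_access line, so a deny placed after `http_access allow all` is unreachable). The function names, the version-tuple comparison and the sample configuration fragments are my own assumptions, not the advisory's.

```python
# Added audit helper, not part of the advisory: flags Squid versions in the
# affected ranges above and checks that a squid.conf denies URN requests
# before any broader http_access allow rule could let them through.
import re

FIXED = (6, 4)  # the advisory says 6.4 and later carry the fix

def parse_version(version: str) -> tuple:
    """Reduce '6.3', '5.9-2+deb12u1' or '4.17' to a comparable (major, minor)."""
    match = re.match(r"(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised Squid version: {version!r}")
    return int(match.group(1)), int(match.group(2))

def is_affected(version: str) -> bool:
    """Every release before 6.4 (4.x-4.17, 5.x-5.9, 6.0-6.3) is affected."""
    return parse_version(version) < FIXED

def urn_denied(squid_conf: str) -> bool:
    """True if 'deny <urn-acl>' is reached before an allow that would match.
    Squid evaluates http_access lines top to bottom and stops at the first
    match, so 'allow all' (or an allow naming the URN acl) placed earlier
    defeats the workaround. '#' comments and blank lines are ignored."""
    urn_acls = set()
    for raw in squid_conf.splitlines():
        p = raw.split("#", 1)[0].split()
        if len(p) >= 4 and p[0] == "acl" and p[2] == "proto" and p[3].upper() == "URN":
            urn_acls.add(p[1])
        elif len(p) >= 3 and p[0] == "http_access":
            action, acls = p[1], p[2:]
            if action == "deny" and len(acls) == 1 and acls[0] in urn_acls:
                return True   # plain 'deny <urn-acl>' reached before any allow
            if action == "allow" and (acls == ["all"] or set(acls) & urn_acls):
                return False  # this line already lets URN requests through
    return False  # no URN acl, or it is never referenced by a deny rule

# Constructed sample fragments (not taken from a real deployment)
WORKAROUND_CONF = """\
acl localnet src 192.168.0.0/16
acl URN proto URN
http_access deny URN
http_access allow localnet
http_access deny all
"""
MISORDERED_CONF = """\
acl URN proto URN
http_access allow all
http_access deny URN   # unreachable: 'allow all' matched first
"""
```

After editing squid.conf, `squid -k parse` checks the syntax and `squid -k reconfigure` reloads it without a full restart.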

Tags: Fix, RCE, Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09345
CVE-2025-54574
GHSA-W4GV-VW3F-29G3
RHSA-2023:7465
RHSA-2023:7668
RHSA-2024:0072
RHSA-2024:0397
RHSA-2024:0771
RHSA-2024:0772
RHSA-2024:0773

Affected Products

Debian
Red Os
Squid