PT-2025-31674 · Squid +1

Starrynight · Published 2025-08-01 · Updated 2025-08-04 · CVE-2025-54574

CVSS v3.1: 9.3
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions:

Squid versions 6.3 and below

Description:

Squid is vulnerable to a heap buffer overflow, and possible remote code execution, when processing URNs, due to incorrect buffer management. A remote server can trigger the overflow when delivering URN Trivial-HTTP responses.

Recommendations:

Upgrade to version 6.4.

Disable URN access permissions.
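To check a host against both recommendations, the following added example (not part of the advisory or of Squid itself) classifies a proxy from its `squid -v` banner and its `squid.conf` text. The function names and sample inputs are constructed for illustration; `acl <name> proto URN` and `http_access deny <name>` are standard squid.conf directives, and the check assumes first-match evaluation of `http_access` rules.

```python
import re

FIXED = (6, 4)  # first fixed release named in the recommendations above

def squid_version(banner):
    """Parse 'Squid Cache: Version X.Y' as printed by `squid -v`."""
    m = re.search(r"Version\s+(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def urn_denied(conf_text):
    """True if an unconditional deny on a URN proto ACL precedes every allow rule."""
    urn_acls = set()
    for raw in conf_text.splitlines():
        tok = raw.split()  # commented lines start with '#', so they never match below
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if any(t.upper() == "URN" for t in tok[3:]):
                urn_acls.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            if tok[1] == "deny" and len(tok) == 3 and tok[2] in urn_acls:
                return True
            if tok[1] == "allow":
                return False  # an earlier allow rule could match URN requests first
    return False

def assess(banner, conf_text):
    """Return 'fixed', 'mitigated', 'exposed' or 'unknown' for one proxy."""
    ver = squid_version(banner)
    if ver is None:
        return "unknown"
    if ver >= FIXED:
        return "fixed"
    return "mitigated" if urn_denied(conf_text) else "exposed"

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Squid Cache: Version 6.3\nService Name: squid\n"
SAMPLE_CONF_OPEN = (
    "acl localnet src 10.0.0.0/8\n"
    "http_access allow localnet\n"
    "http_access deny all\n"
)
# Workaround placed ahead of every allow rule.
SAMPLE_CONF_DENY = "acl URN proto URN\nhttp_access deny URN\n" + SAMPLE_CONF_OPEN

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF_OPEN))  # exposed
    print(assess(SAMPLE_BANNER, SAMPLE_CONF_DENY))  # mitigated
```

A deny rule that appears after an `allow` line, or that is combined with other ACLs, is reported as not mitigating, since it may never be reached for URN requests.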

Fix

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-54574
GHSA-W4GV-VW3F-29G3

Affected Products

Debian
Squid