From bleepingcomputer.com
Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw.
The vulnerability present in Squid 4.0.23 through 4.7 is caused by incorrect buffer management which renders vulnerable installations to “a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials.”
“When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data,” says MITRE’s description of the vulnerability. “Squid does not check that the decoded length isn’t greater than the buffer, leading to a heap-based buffer overflow with user controlled data.”