Quote:Squid's development team has released a security update on October 27 patching a Denial of Service (DoS) SNMP processing issue and a Cross-Site Scripting (XSS) issue in TLS error processing.

The Squid fully-featured HTTP/1.0  proxy provides authorization and logging features for web proxies and Internet-facing applications, and it can be installed and used on a multitude of platforms from Linux-based machines to Windows computers, as well as macOS-powered workstations using the Fink package manager.

According to the SQUID-2018:5 security advisory, the vulnerability is caused by an SNMP query rejection code memory leak which can lead to a DoS condition by allowing a potential remote attacker to "consume all memory available to the Squid process, causing it to crash."

Squid's developers have already fixed the issue in the Squid 4.4 release, and they also provide patches addressing the bug for the Squid 3.5 and Squid 4 stable releases.