Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
http://www.squid-cache.org/Versions/
https://www.zerodayinitiative.com/advisories/ZDI-21-157/
https://security.gentoo.org/glsa/202105-14
Source: MITRE
Published: 2021-03-09
Updated: 2022-06-28
Type: CWE-125
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM