Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x
and 3.x, when an SNMP port is configured, allows remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via a crafted
UDP SNMP request, which triggers a heap-based buffer overflow.
Upstream commits fixing the issue:
The issue was fixed in >=net-proxy/squid-3.4.8.
Assigned to existing GLSA.
This issue was resolved and addressed in
GLSA 201607-01 at https://security.gentoo.org/glsa/201607-01
by GLSA coordinator Aaron Bauman (b-man).
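An added illustration (not Squid's code, which this page does not show) of the off-by-one class named in the description above. It assumes the usual form of that bug: a receive call allowed to fill the whole fixed-size request buffer, followed by a terminator written at `buf[len]`. The buffer size and all function names are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define REQ_BUF_SIZE 16  /* constructed size; stands in for a daemon's request buffer */

/* Vulnerable pattern: the receive may fill the entire buffer, so no byte is
 * reserved for the terminator. Returns the index where '\0' would be written. */
static size_t terminator_index_vulnerable(size_t datagram_len)
{
    size_t len = datagram_len < REQ_BUF_SIZE ? datagram_len : REQ_BUF_SIZE;
    return len;  /* len == REQ_BUF_SIZE means one byte past the end */
}

/* Hardened pattern: cap the receive at size - 1 so the terminator fits. */
static size_t terminator_index_hardened(size_t datagram_len)
{
    size_t cap = REQ_BUF_SIZE - 1;
    size_t len = datagram_len < cap ? datagram_len : cap;
    return len;  /* always <= REQ_BUF_SIZE - 1 */
}

/* Hardened receive: keep at most bufsize - 1 payload bytes, then terminate
 * in bounds. Returns the number of payload bytes kept. */
static size_t receive_request(char *buf, size_t bufsize,
                              const unsigned char *datagram, size_t datagram_len)
{
    if (bufsize == 0)
        return 0;
    size_t len = datagram_len < bufsize - 1 ? datagram_len : bufsize - 1;
    memcpy(buf, datagram, len);
    buf[len] = '\0';
    return len;
}

/* 1 if a write at idx stays inside a buffer of bufsize bytes, else 0. */
static int index_in_bounds(size_t idx, size_t bufsize)
{
    return idx < bufsize;
}

int main(void)
{
    unsigned char datagram[REQ_BUF_SIZE];  /* constructed: exactly buffer-sized */
    char buf[REQ_BUF_SIZE];
    memset(datagram, 'A', sizeof datagram);
    size_t kept = receive_request(buf, sizeof buf, datagram, sizeof datagram);
    return (kept == REQ_BUF_SIZE - 1 && buf[kept] == '\0') ? 0 : 1;
}
```

Only a datagram at least as large as the buffer reaches the out-of-bounds index in the vulnerable form, which is why shorter requests never expose the defect in testing.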