Description
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2004-2235)
Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20)
SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1576)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)
Apache HTTP Server Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-0220)