Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.