Mandriva Linux Security Advisory 2009-241 – The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85023/MDVSA-2009-241-1.txt
Source: https://packetstormsecurity.com/files/85023/Mandriva-Linux-Security-Advisory-2009-241.html