Mandriva Linux Security Advisory 2009-241 – The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81541/MDVSA-2009-241.txt
Source: https://packetstormsecurity.com/files/81541/Mandriva-Linux-Security-Advisory-2009-241.html