A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process.
www.squid-cache.org/Advisories/SQUID-2016_9.txt
bugzilla.redhat.com/show_bug.cgi?id=1334246