Access.logのHTTPメソッドやuseragent.logの内容でバッファオーバーフローの脆弱性が存在するそうです。

The access.log has to be manually created to trigger the exploit, as Squid will not allow malformed HTTP methods.
The useragent log is more critical, as this vulnerability can be exploited by just passing the useragent string within a request to the Squid proxy.