The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Gentoo Linux Security Advisory 201309-22 - Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service. Versions less than 3.2.13 are affected.