Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
ID: 29c217f8-a881-5441-8f73-fa7606e463c2
STIX ID: report--29c217f8-a881-5441-8f73-fa7606e463c2
Feed Name: The Register (Security)
Squidbleed (CVE-2026-47729) is a long-standing heap overread in Squid's FTP directory listing parser that can leak internal memory — including plaintext HTTP requests, credentials, and session tokens — when Squid inspects cleartext HTTP and can reach an attacker-controlled FTP server on port 21. The bug stems from a 1997 commit handling NetWare FTP listings; it was reported and patched in Squid v7.6 (June 8). Mitigations include applying the patch and disabling FTP support if not required.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
