Squid: Memory disclosure in FTP gateway
30Vexday Risk Score
Sin señal de explotación. Ella tiene prueba de concepto pública.
ssvc Attendcvss 6.5
de la publicación al arma0 días
Publicada en NVD16 jul
1ª PoC21 jun
probabilidad de explotación
—
explotación observada
noninguna fuente lo reporta
1 exploit(s) público(s)
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
squid-cache · squidPoCs públicas encontradas — 1
githubgithub.com/0xBlackash/CVE-2026-47729★ 4⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
https://github.com/squid-cache/squid/commit/865a131c7d557e68c965043d98c2eccae26deef8https://github.com/squid-cache/squid/pull/2408https://github.com/squid-cache/squid/pull/2409https://github.com/squid-cache/squid/releases/tag/SQUID_7_6https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg