Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6360-1 | squid security update |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. | Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6. |
| Title | squid: memory disclosure in FTP gateway | Squid: Memory disclosure in FTP gateway |
| Weaknesses | CWE-1289 | |
| References |
|
Fri, 26 Jun 2026 06:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Squid-cache
Squid-cache squid |
|
| Vendors & Products |
Squid-cache
Squid-cache squid |
Fri, 26 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. | |
| Title | squid: memory disclosure in FTP gateway | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T16:13:19.767Z
Reserved: 2026-05-19T21:29:25.483Z
Link: CVE-2026-47729
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-26T05:45:04Z
Debian DSA