Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6360-1 | squid security update |
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. | Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6. |
| Title | squid: memory disclosure in FTP gateway | Squid: Memory disclosure in FTP gateway |
| Weaknesses | CWE-1289 | |
| References |
|
Fri, 26 Jun 2026 06:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Squid-cache
Squid-cache squid |
|
| Vendors & Products |
Squid-cache
Squid-cache squid |
Fri, 26 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. | |
| Title | squid: memory disclosure in FTP gateway | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T16:13:19.767Z
Reserved: 2026-05-19T21:29:25.483Z
Link: CVE-2026-47729
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-26T05:45:04Z
Debian DSA