CVE-2026-47729
EUVD-2026-4496216.07.2026, 17:16
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Common Weakness Enumeration
References