
29-year-old 'Squidbleed' memory leak vulnerability discovered in Squid proxy server

By Jessica Lyons

2h ago · 4 min read · en · News

Summary

A security researcher at Mythos Preview discovered a 29-year-old memory leak vulnerability in Squid, a widely used open-source caching proxy server. Dubbed "Squidbleed" and reminiscent of the Heartbleed bug, the flaw silently leaked users' plaintext HTTP requests, potentially exposing sensitive data like credentials and session tokens since the Clinton era. The vulnerability was reported to the project maintainers, who fixed the code earlier this month. Squid is commonly deployed by large corporations, schools, and other organizations.

Source

29-year-old 'Squidbleed' memory leak vulnerability discovered in Squid proxy server (theregister.com)

Key quotes

Sometimes it takes a while to detect a vuln.
A 29-year-old, Heartbleed-style vulnerability in Squid, a popular open-source caching proxy server, silently leaked users' plaintext HTTP requests and potentially revealed sensitive data, including credentials and session tokens, for decades
until AI (and a few humans) saved the day.
Snippet from the RSS feed
Plus more blasts from the past: NetWare, FTP, and HTTP
