High | Source: The Register - Security
Security research firm Mythos has uncovered ‘Squidbleed’, a memory leak vulnerability in Squid proxy software that has apparently existed undetected since the mid-1990s. The finding is part of a broader investigation surfacing long-standing security flaws in legacy protocols and software including NetWare, FTP, and HTTP. Memory leaks of this nature can expose sensitive data in process memory, potentially including credentials, session tokens, or cryptographic material.
Security Architect’s Take: Audit your environment for any Squid proxy deployments (including those embedded in network appliances, container images, or cloud-native egress solutions) and apply patches as soon as they become available. Given the vulnerability’s age, assume it may be present in older base images and treat any Squid instance handling sensitive traffic as potentially compromised until patched.
Original advisory: Mythos discovers ‘Squidbleed,’ a memory leak that’s gone undetected since Clinton era