Squid Proxy: 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview

Squidbleed: 29-Year-Old Vulnerability in Squid Proxy Exposes Sensitive Data

Security researchers at Calif.io have uncovered a critical memory disclosure vulnerability in Squid Proxy, dubbed Squidbleed, which has remained undetected since 1997. The flaw, discovered with the help of Anthropic’s Claude Mythos Preview AI, allows attackers to silently leak HTTP headers including passwords and API keys from other users sharing the same proxy.

The Vulnerability

Squidbleed (CVE pending) is a heap buffer overread in Squid’s FTP directory listing parser. The bug stems from a 1997 commit that introduced logic to handle NetWare FTP servers, which used extra whitespace in directory listings. The critical oversight is in how strchr is used: by C’s contract, the terminating null byte (\0) counts as part of the string being searched, so a whitespace-skipping loop of the form strchr(w_space, *p) also matches the end of the buffer, and when no filename follows a timestamp the parser keeps reading beyond the allocated memory.

This results in a confirmed heap overread of up to 4,065 bytes, exposing stale HTTP request data from previously freed 4KB buffers. Since Squid reuses memory without zeroing it, an attacker controlling an FTP server can trigger the flaw via a malformed directory listing, causing the proxy to return sensitive data such as Authorization headers and session tokens as part of the FTP response.
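To make the API-contract point concrete, the following is an added example written for this page; it is neither Squid’s parser nor the researchers’ proof of concept. It assumes a whitespace set w_space of " \t\r\n" (the page does not reproduce Squid’s definition) and uses a constructed buffer in which stale bytes follow the string terminator, standing in for a reused, un-zeroed heap block. The unguarded loop mirrors the original condition, the guarded one the single-line fix described under The Fix & Mitigation; every read is bounded by the demo buffer so the program itself never reads out of bounds.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Whitespace set for the listing parser. This is an assumption for the demo;
 * the page does not reproduce Squid's own w_space definition. */
static const char w_space[] = " \t\r\n";

/* C's contract for strchr(s, c): the terminating '\0' counts as part of s.
 * So strchr(w_space, '\0') is non-NULL (it points at the terminator). */
int strchr_matches_nul(void)
{
    return strchr(w_space, '\0') != NULL;
}

/* Skip leading whitespace in buf, then copy the following token into out.
 * buf_len bounds every read so the demo itself stays inside the array.
 * guarded == 0 reproduces the original loop condition, which stops only on
 * a non-whitespace byte; guarded != 0 adds the *p check from the fix.
 * Returns the token length written to out. */
size_t next_token(const char *buf, size_t buf_len, int guarded,
                  char *out, size_t out_len)
{
    size_t i = 0, n = 0;

    while (i < buf_len) {
        if (guarded && buf[i] == '\0')   /* the fix: stop at end of string */
            break;
        if (!strchr(w_space, buf[i]))    /* unguarded: '\0' also "matches" */
            break;
        i++;
    }

    while (i < buf_len && buf[i] != '\0' && !strchr(w_space, buf[i])
           && n + 1 < out_len)
        out[n++] = buf[i++];
    out[n] = '\0';
    return n;
}

/* Constructed buffer standing in for a reused, un-zeroed heap block: the
 * listing line ends in whitespace right after the timestamp (no filename),
 * and the bytes after its terminator are stale data from an earlier request. */
#define DEMO_LEN 96
static const char demo_line[]  = "Jan 01 12:00   ";                          /* 15 bytes + '\0' */
static const char demo_stale[] = "Authorization: Bearer example-stale-token"; /* constructed */

size_t demo_filename(int guarded, char *out, size_t out_len)
{
    char buf[DEMO_LEN];
    size_t off = sizeof demo_line;             /* position just past the '\0' */

    memset(buf, 0, sizeof buf);
    memcpy(buf, demo_line, sizeof demo_line);  /* copies the terminator too */
    memcpy(buf + off, demo_stale, sizeof demo_stale - 1);

    /* Parse from the whitespace that follows the "12:00" timestamp. */
    return next_token(buf + 12, DEMO_LEN - 12, guarded, out, out_len);
}

int main(void)
{
    char name[64];
    printf("strchr(w_space, '\\0') != NULL: %d\n", strchr_matches_nul());
    demo_filename(0, name, sizeof name);
    printf("unguarded loop reads a 'filename' of: \"%s\"\n", name);
    demo_filename(1, name, sizeof name);
    printf("guarded loop reads a 'filename' of: \"%s\"\n", name);
    return 0;
}
```

The unguarded scan steps over the terminator and hands back the first stale word ("Authorization:") as if it were a filename, which is the shape of the leak the article describes; with the *p check in place the scan stops at the terminator and the token is empty. The same guard belongs in front of every strchr-driven whitespace loop that walks a NUL-terminated buffer, not only the one shown in the patch.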

Attack Conditions

The exploit requires:

  • FTP support enabled (default in Squid).
  • An attacker-controlled FTP server reachable on TCP port 21 (allowed by Squid’s default Safe_ports ACL).
  • Victim traffic passing through the proxy as cleartext HTTP (HTTPS CONNECT tunnels are unaffected).

Researchers demonstrated the attack by leaking Authorization headers from a login page via a shared Squid proxy. A proof-of-concept exploit is publicly available on GitHub.

The Fix & Mitigation

The vulnerability was patched with a single-line null check before each strchr call:

- while (strchr(w_space, *copyFrom))
+ while (*copyFrom && strchr(w_space, *copyFrom))
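Review bot: the guard depends on `&&` short-circuiting, so `strchr(w_space, *copyFrom)` is never evaluated once `*copyFrom` is the terminator, which is what stops the scan running into the bytes after the string. Since the text says the check was added before each `strchr` call, every other loop of the shape `while (strchr(w_space, *p))` in the same parser needs the same `*p &&` prefix, and a regression test feeding a listing line that ends in whitespace straight after the timestamp (the no-filename case) would lock the fix in.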

The fix has been merged into Squid’s repository. Administrators are advised to disable FTP support unless explicitly required, as modern browsers (including Chromium-based ones) no longer support FTP, making legitimate proxy traffic rare.

AI-Assisted Discovery

The flaw was identified using Claude Mythos Preview, which flagged the strchr null terminator behavior during an analysis of Squid’s FTP state machine. This follows a growing trend of AI-assisted security audits, with the team previously uncovering an HTTP/2 vulnerability using OpenAI’s Codex Cyber.

The discovery highlights how LLMs trained on C standards can detect subtle API contract violations that evade traditional code reviews.

Source: https://cybersecuritynews.com/squidbleed-vulnerability/

Squid HTTP Proxy project cybersecurity rating report: https://www.rankiteo.com/company/squid-http-proxy-project

"id": "SQU1782145878",
"linkid": "squid-http-proxy-project",
"type": "Vulnerability",
"date": "1/1997",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of Squid Proxy with FTP support enabled',
                        'industry': 'Technology/Networking',
                        'name': 'Squid Proxy',
                        'type': 'Software/Proxy Server'}],
 'attack_vector': 'Malformed FTP directory listing via attacker-controlled FTP server',
 'customer_advisories': 'Users advised to disable FTP support or apply the patch immediately.',
 'data_breach': {'data_exfiltration': 'Yes (via malformed FTP responses)',
                 'personally_identifiable_information': 'Yes (session tokens, credentials)',
                 'sensitivity_of_data': 'High (personally identifiable and authentication data)',
                 'type_of_data_compromised': 'HTTP headers (Authorization headers, session tokens, passwords, API keys)'},
 'description': 'Security researchers at Calif.io uncovered a critical memory disclosure vulnerability in Squid Proxy, dubbed Squidbleed, which has remained undetected since 1997. The flaw allows attackers to silently leak HTTP headers, including passwords and API keys, from other users sharing the same proxy.',
 'impact': {'data_compromised': 'HTTP headers (including passwords, API keys, Authorization headers, session tokens)',
            'identity_theft_risk': 'High (due to exposure of sensitive credentials)',
            'systems_affected': 'Squid Proxy (versions with FTP support enabled)'},
 'investigation_status': 'Vulnerability patched and disclosed',
 'lessons_learned': 'Highlights the risks of legacy code and the effectiveness of AI-assisted security audits in identifying subtle API contract violations.',
 'post_incident_analysis': {'corrective_actions': 'Single-line null check fix before `strchr` calls. Disabling FTP support as a mitigation.',
                            'root_causes': '1997 commit introducing logic for NetWare FTP servers with a critical oversight in the `strchr` function, leading to heap buffer overread.'},
 'recommendations': 'Disable FTP support in Squid Proxy unless explicitly required. Apply the patch with the null check fix. Monitor for AI-assisted security tools to improve vulnerability detection.',
 'references': [{'source': 'Calif.io Research',
                 'url': 'https://github.com/califio/squidbleed-poc'}],
 'response': {'containment_measures': 'Disable FTP support unless explicitly required',
              'remediation_measures': 'Single-line null check fix merged into Squid’s repository'},
 'title': 'Squidbleed: 29-Year-Old Vulnerability in Squid Proxy Exposes Sensitive Data',
 'type': 'Memory Disclosure Vulnerability',
 'vulnerability_exploited': 'Heap buffer overread in Squid’s FTP directory listing parser (CVE pending)'}