memory-disclosure
Safeguard articles tagged "memory-disclosure" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Citrix Bleed (CVE-2023-4966) Explained: Leaking Session Tokens Straight Past MFA
CVE-2023-4966, Citrix Bleed, let unauthenticated attackers read memory from NetScaler appliances and steal valid session tokens — hijacking sessions and bypassing multi-factor authentication.
Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone
CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.
Squidbleed (CVE-2026-47729): A 1997 Default Comes Back to Bite Squid
A one-line FTP-parsing bug from 1997 lets any user of a shared Squid proxy read other people's cleartext HTTP requests. We break down the root cause, why ancient defaults survive, and how to remediate.
Citrix NetScaler CVE-2026-3055: The SAML Memory-Overread CitrixBleed Echo of 2026
CVE-2026-3055 is an unauthenticated memory overread in NetScaler ADC/Gateway configured as a SAML IdP, CVSS 9.3, exploited since late March 2026 and drawing direct CitrixBleed comparisons. Full analysis.
Citrix Bleed 2: Analysis and Mitigation
CVE-2025-5777 revived the memory-leak pattern that broke NetScaler in 2023. Here is what the 2025 variant does, who is exploiting it, and how to respond.
CVE-2025-5777 (Citrix Bleed 2): NetScaler Memory Disclosure Deep Dive
A second Citrix Bleed leaks session tokens from NetScaler ADC and Gateway memory. We dissect the buffer over-read and the IR playbook.