The top answer includes a demo server that can exploit a connecting client.
Practical exploitation of many clients is probably useless because they aren’t persistent. Like wget. There aren’t a lot of secrets in wget memory. Maybe your username, home directory, whatever is available via getenv.
Browsers would be a bigger issue. For instance, lynx might be coerced into visiting a link and divulging all manner of secret data from previous connections.