SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2012-3501

The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

SECUNIA-49057

BID-54663

OSVDB-84138

http://www.openwall.com/lists/oss-security/2012/08/16/2

http://www.openwall.com/lists/oss-security/2012/08/16/4

http://freecode.com/projects/squidclamav/releases/346722

http://squidclamav.darold.net/news.html

https://bugs.gentoo.org/show_bug.cgi?id=428778

https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00


30430



423868



247768



909



194555



282