CVE-2012-3501

The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:darold:squidclamav:5.0:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.1:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.2:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.3:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.4:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.5:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.6:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:5.7:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.0:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.1:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.2:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.3:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.4:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.5:*:*:*:*:*:*:*
cpe:2.3:a:darold:squidclamav:6.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-25 10:29

Updated : 2024-02-04 18:16


NVD link : CVE-2012-3501

Mitre link : CVE-2012-3501

CVE.ORG link : CVE-2012-3501


JSON object : View

Products Affected

darold

  • squidclamav
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer