The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-08-25 10:29
Updated : 2024-02-04 18:16
NVD link : CVE-2012-3501
Mitre link : CVE-2012-3501
CVE.ORG link : CVE-2012-3501
JSON object : View
Products Affected
darold
- squidclamav
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer