CVE-2012-3501

🗓️ 25 Aug 2012 10:00:00Reported by redhatType

The squidclamav_check_preview_handler function in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A

Reporter	Title	Published	Views	Family All 16
FreeBSD	squidclamav -- Denial of Service	24 Jul 201200:00	–	freebsd
CVE	CVE-2012-3501	25 Aug 201210:00	–	cve
EUVD	EUVD-2012-3457	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : squidclamav -- Denial of Service (8defa0f9-ee8a-11e1-8bd8-0022156e8794)	27 Aug 201200:00	–	nessus
Tenable Nessus	GLSA-201209-08 : SquidClamav: Denial of Service	25 Sep 201200:00	–	nessus
Tenable Nessus	SquidClamav Specially Crafted Character Parsing Remote DoS	10 Sep 201200:00	–	nessus
Gentoo Linux	SquidClamav: Denial of service	24 Sep 201200:00	–	gentoo
NVD	CVE-2012-3501	25 Aug 201210:29	–	nvd
OpenVAS	SquidClamav URL Parsing DoS Vulnerability	17 Sep 201200:00	–	openvas
OpenVAS	FreeBSD Ports: squidclamav	30 Aug 201200:00	–	openvas

Source	Link
osvdb	www.osvdb.org/84138
squidclamav	www.squidclamav.darold.net/news.html
secunia	www.secunia.com/advisories/49057
bugs	www.bugs.gentoo.org/show_bug.cgi
github	www.github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00
freecode	www.freecode.com/projects/squidclamav/releases/346722
openwall	www.openwall.com/lists/oss-security/2012/08/16/2
securityfocus	www.securityfocus.com/bid/54663
openwall	www.openwall.com/lists/oss-security/2012/08/16/4

25 Aug 2012 10:00Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.0229