FreeBSD 8DEFA0F9-EE8A-11E1-8BD8-0022156E8794
Jul 24, 2012 - 12:00 a.m.

squidclamav -- Denial of Service

2012-07-24 00:00:00
vuxml.freebsd.org

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.056
Percentile: 93.4%

SquidClamav developers report:

Add a workaround for a squidGuard bug that unescapes
the URL and sends it back unescaped. This results in garbage
staying in the pipe of the system command call and could crash
squidclamav on next read or return false information.
This is especially true with URLs containing the %0D or %0A
character.

This vulnerability can be triggered only in configurations
where an external chained URL checker is configured via
the “squidguard” directive.
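
An added illustration (not SquidClamav's or squidGuard's code, and not the project's actual workaround) of why a URL carrying %0D or %0A breaks a one-line-per-request pipe once the helper returns it unescaped, together with a pre-check that rejects such URLs. The function names, the buffer size and the sample URLs are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Percent-decode src into dst (dst needs strlen(src)+1 bytes). Models the
 * unescaping the advisory attributes to the chained URL checker. */
static size_t url_unescape(const char *src, char *dst)
{
    size_t n = 0;
    unsigned int byte;
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2]) && sscanf(src + 1, "%2x", &byte) == 1) {
            dst[n++] = (char)byte;
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* extra_lines: lines left unread if the decoded URL is echoed back plus '\n'
 * and the caller reads one line per request. reject: CR, LF or NUL present. */
struct framing { int extra_lines; int reject; };

static struct framing check_framing(const char *url)
{
    struct framing f = { 0, 0 };
    char buf[2048];                     /* assumed maximum URL length */
    if (strlen(url) >= sizeof buf) { f.reject = 1; return f; }
    size_t len = url_unescape(url, buf);
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\n') f.extra_lines++;
        if (buf[i] == '\r' || buf[i] == '\n' || buf[i] == '\0') f.reject = 1;
    }
    return f;
}

int main(void)
{
    const char *samples[] = { "http://example.test/index.html",   /* constructed */
                              "http://example.test/a%0Ab%0d" };   /* constructed */
    for (int i = 0; i < 2; i++)
        printf("%-32s extra_lines=%d reject=%d\n", samples[i],
               check_framing(samples[i]).extra_lines, check_framing(samples[i]).reject);
    return 0;
}
```

A non-zero `extra_lines` is the "garbage staying in the pipe" case: the next request would read the leftover line instead of its own reply.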

OS       Version  Architecture  Package      Version  Filename
FreeBSD  any      noarch        squidclamav  < 5.7_1  UNKNOWN
