CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS
Percentile: 93.4%

SquidClamav developers report:

Add a workaround for a squidGuard bug that unescapes the URL and sends it back unescaped. This results in garbage staying in the pipe of the system command call and could crash squidclamav on the next read or return false information. This is especially true with URLs containing the %0D or %0A character.

This vulnerability can be triggered only in configurations where an external chained URL checker is configured via the “squidguard” directive.
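
The failure mode described in the report, as an added simulation that is not SquidClamav or squidGuard code: a caller that reads one reply line per request gets out of step once the helper returns an unescaped line break, and a pre-check on the URL keeps the exchange in step. The request line layout, `buggy_helper`, `Chain`, and the refuse-to-forward guard are assumptions for illustration, not the project's actual workaround.

```python
import re
from urllib.parse import unquote

# Matches raw or percent-encoded CR/LF, the characters the report names.
ENCODED_NEWLINE = re.compile(r"[\r\n]|%0[ad]", re.IGNORECASE)

def buggy_helper(request_line: str) -> str:
    """Hypothetical helper: unescapes the URL and echoes the line back."""
    url, rest = request_line.split(" ", 1)
    return f"{unquote(url)} {rest}\n"

class Chain:
    """Simulated caller that expects exactly one reply line per request."""

    def __init__(self, guard: bool):
        self.guard = guard
        self.pipe = ""  # stands in for unread data in the helper's pipe

    def check(self, url: str, meta: str = "192.0.2.10/- - GET"):
        if self.guard and ENCODED_NEWLINE.search(url):
            # Assumed mitigation: refuse to forward; caller treats None as blocked.
            return None
        self.pipe += buggy_helper(f"{url} {meta}")
        reply, _, self.pipe = self.pipe.partition("\n")  # read one line only
        return reply

def demo(guard: bool):
    """Send a constructed URL with %0A, then a normal one; return both replies
    and whatever is left unread in the simulated pipe."""
    chain = Chain(guard)
    first = chain.check("http://a.example/x%0Ay")  # constructed sample
    second = chain.check("http://b.example/")      # constructed sample
    return first, second, chain.pipe

if __name__ == "__main__":
    print("unguarded:", demo(False))
    print("guarded:  ", demo(True))
```

In the unguarded run the second reply is the leftover half of the first one, which is the "false information" case; the reply to the second URL is still sitting unread in the pipe.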

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | squidclamav | < 5.7_1 | UNKNOWN |