CVE-2020-9342

medium

Description

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.

References

Advisories

https://seclists.org/bugtraq/2020/Feb/33

https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html

http://seclists.org/fulldisclosure/2020/Feb/33

http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html

Details

Source: Mitre, NVD

Published: 2020-02-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00263