CVE-2020-10180

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

Published: Mar 5, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10180
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-436

Affected Software
References

Software	From	Fixed in
eset / nod32_antivirus	4	4.x
eset / smart_security	-	1294
eset / nod32_antivirus	-	1294
eset / mobile_security	-	1294
eset / smart_tv_security	-	1294
eset / cyber_security	-	1294

https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html

Vulnerability Database

289,697

CVE-2020-10180