CVE-2020-9342

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.

Published: Feb 23, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9342
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-436

Affected Software
References

Software	From	Fixed in
f-secure / cloud_protection_for_salesforce	-	17.0.605.474
f-secure / internet_gatekeeper	-	17.0.605.474
f-secure / email_and_server_security	-	17.0.605.474

http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html
http://seclists.org/fulldisclosure/2020/Feb/33
https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html
https://seclists.org/bugtraq/2020/Feb/33

Vulnerability Database

289,697

CVE-2020-9342