CVE-2020-9342

CWE-436 — Interpretation Conflict CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 51.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure Cloud Protection FOR Salesforce F-secure Email AND Server Security F-secure Internet Gatekeeper

Timeline

PublishedFeb 22

Latest updateMay 24

Description

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDf-secure/cloud_protection< 17.0.605.474

▶NVDf-secure/internet_gatekeeper< 17.0.605.474

▶NVDf-secure/email_and< 17.0.605.474

🔴Vulnerability Details

GHSA

GHSA-3g4g-934h-pjq7: The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive↗2022-05-24

▶

CVEList

CVE-2020-9342: The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive↗2020-02-22

▶