CVE-2020-10180

CRITICAL

Eset Cyber Security < 1294 - Interpretation Conflict

Title source: rule

Description

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

References (1)

[Third Party Advisory] https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 64.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-436

Status published

Products (6)

eset/cyber_security < 1294 (2 CPE variants)

eset/mobile_security < 1294

eset/nod32_antivirus 4

eset/nod32_antivirus < 1294

eset/smart_security < 1294 (2 CPE variants)

eset/smart_tv_security < 1294

Published Mar 05, 2020

Tracked Since Feb 18, 2026