CVE-2020-9342

MEDIUM

F-secure Cloud Protection For Salesforce - Interpretation Conflict

Title source: rule

Description

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.

References (4)

[Third Party Advisory] https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Feb/33

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Feb/33

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-436

Status published

Products (3)

f-secure/cloud_protection_for_salesforce < 17.0.605.474

f-secure/email_and_server_security < 17.0.605.474

f-secure/internet_gatekeeper < 17.0.605.474

Published Feb 22, 2020

Tracked Since Feb 18, 2026