CVE-2020-9342
MEDIUMF-Secure Cloud Protection < 17.0.605.474 - Virus Detection Bypass via GZIP
Title source: llmDescription
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Feb/33
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/33
Scores
CVSS v3
5.5
EPSS
0.0160
EPSS Percentile
72.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-436
Status
published
Products (3)
f-secure/cloud_protection_for_salesforce
< 17.0.605.474
f-secure/email_and_server_security
< 17.0.605.474
f-secure/internet_gatekeeper
< 17.0.605.474
Published
Feb 22, 2020
Tracked Since
Feb 18, 2026