CVE-2020-9399

MEDIUM

Avast Antivirus For Linux < 12.0 - Interpretation Conflict

Title source: rule

Description

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.

References (2)

[Third Party Advisory] https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html

[Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2020/Feb/35

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 30.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-436

Status published

Products (3)

avast/antivirus_for_linux < 12.0

avast/antivirus_pro < 12.0

avast/antivirus_pro_plus < 12.0

Published Feb 28, 2020

Tracked Since Feb 18, 2026