CVE-2020-9342

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
f-securecloud_protection_for_salesforce
𝑥
< 17.0.605.474
f-secureemail_and_server_security
𝑥
< 17.0.605.474
f-secureinternet_gatekeeper
𝑥
< 17.0.605.474
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html
http://seclists.org/fulldisclosure/2020/Feb/33
https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html
https://seclists.org/bugtraq/2020/Feb/33
http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html
http://seclists.org/fulldisclosure/2020/Feb/33
https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html
https://seclists.org/bugtraq/2020/Feb/33