CVE-2020-9399

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avast:antivirus_for_linux:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro_plus:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type Values Removed Values Added
References () https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html - Third Party Advisory () https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html - Third Party Advisory
References () https://seclists.org/fulldisclosure/2020/Feb/35 - Mailing List, Third Party Advisory () https://seclists.org/fulldisclosure/2020/Feb/35 - Mailing List, Third Party Advisory

Information

Published : 2020-02-28 14:15

Updated : 2024-11-21 05:40


NVD link : CVE-2020-9399

Mitre link : CVE-2020-9399

CVE.ORG link : CVE-2020-9399


JSON object : View

Products Affected

avast

  • antivirus_for_linux
  • antivirus_pro
  • antivirus_pro_plus
CWE
CWE-436

Interpretation Conflict