CVE-2020-9399 - The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects ve

CVE-2020-9399

Summary

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.

References

https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html
https://seclists.org/fulldisclosure/2020/Feb/35

Vulnerable Configurations

cpe:2.3:a:avast:antivirus_for_linux:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_for_linux:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:antivirus_pro_plus:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

misc

https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html
https://seclists.org/fulldisclosure/2020/Feb/35

Last major update

21-07-2021 - 11:39

Published

28-02-2020 - 14:15

Last modified

21-07-2021 - 11:39