Vulnerability Description
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eset | Cyber Security | < 1294 |
| Eset | Mobile Security | < 1294 |
| Eset | Nod32 Antivirus | < 1294 |
| Eset | Smart Security | < 1294 |
| Eset | Smart Tv Security | < 1294 |
Related Weaknesses (CWE)
References
- https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.htmlThird Party Advisory
- https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.htmlThird Party Advisory
FAQ
What is CVE-2020-10180?
CVE-2020-10180 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus...
How severe is CVE-2020-10180?
CVE-2020-10180 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10180?
Check the references section above for vendor advisories and patch information. Affected products include: Eset Cyber Security, Eset Mobile Security, Eset Nod32 Antivirus, Eset Smart Security, Eset Smart Tv Security.