Vulnerability Description
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Antivirus For Linux | < 12.0 |
| Avast | Antivirus Pro | < 12.0 |
| Avast | Antivirus Pro Plus | < 12.0 |
Related Weaknesses (CWE)
References
- https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.htmlThird Party Advisory
- https://seclists.org/fulldisclosure/2020/Feb/35Mailing ListThird Party Advisory
- https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.htmlThird Party Advisory
- https://seclists.org/fulldisclosure/2020/Feb/35Mailing ListThird Party Advisory
FAQ
What is CVE-2020-9399?
CVE-2020-9399 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
How severe is CVE-2020-9399?
CVE-2020-9399 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9399?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Antivirus For Linux, Avast Antivirus Pro, Avast Antivirus Pro Plus.