Interpretation Conflict

CVE-2020-9342

Medium

5.5/10

Summary

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

References

Advisory Timeline

Published Feb 22, 2020

Interpretation Conflict

CVE-2020-9342

Summary

CWE-436 - Interpretation Conflict

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS