Back

Incomplete validation in detection code in Bitdefender Engines (VA-8589)

Publication date: May 11th, 2020

CVE ID:

CVE-2020-8100

CVSS scrore:

9.0 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Bitdefender Engines

Vulnerability details:

Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects Bitdefender Engines versions prior to 7.84063.

Additional details:

An automatic update to Bitdefender Engines version 7.84063 fixes the issue.