PT-2026-7942 · Cisco · Clamav

Published: 2020-07-22 · Updated: 2026-02-27

CVE-2020-37167

CVSS v3.1
10
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
ClamAV versions prior to 0.102.0

Description
The ClamBC bytecode interpreter in ClamAV mishandles function names. Weak input validation in function name encoding allows bytecode function names to be manipulated. Successful exploitation could lead to the execution of malicious bytecode or cause unpredictable behavior within the ClamAV engine.

Recommendations
Update ClamAV to a version newer than 0.102.0.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-02545
CVE-2020-37167

Affected Products

Clamav