PT-2026-7942 · Cisco · ClamAV
Published 2020-07-22 · Updated 2026-02-27 · CVE-2020-37167
CVSS v2.0: 10 (Critical), AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ClamAV versions prior to 0.102.0
Description
The ClamBC bytecode interpreter in ClamAV has a flaw in how it handles function names: input validation in the function name encoding is weak, which allows bytecode function names to be manipulated. Successful exploitation could lead to the execution of malicious bytecode or cause unpredictable behavior within the ClamAV engine.
Recommendations
Update ClamAV to a version newer than 0.102.0.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
ClamAV