CVE-2020-37167

HIGH

ClamAV/ClamBC < 0.103.0-rc - Code Injection via ClamBC Bytecode Function Name Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37167. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a vulnerability in ClamAV's bytecode interpreter (ClamBC) by crafting a malicious bytecode file. The PoC constructs a header, types, APIs, and globals to trigger the vulnerability, likely leading to arbitrary code execution.

Description

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Exploits (1)

exploitdb WORKING POC
by anonymous · pythonlocallinux
https://www.exploit-db.com/exploits/47687

This exploit targets a vulnerability in ClamAV's bytecode interpreter (ClamBC) by crafting a malicious bytecode file. The PoC constructs a header, types, APIs, and globals to trigger the vulnerability, likely leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: ClamAV (LibClamAV) <= 0.102.0
No auth needed
Prerequisites: Access to a system running ClamAV with vulnerable ClamBC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 8.4
EPSS 0.0017
EPSS Percentile 6.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
ClamAV/ClamBC < 0.103.0-rc
Published Feb 12, 2026
Tracked Since Feb 18, 2026