CVE-2020-37167

HIGH

ClamAV - Code Injection

Title source: llm

Description

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Exploits (1)

exploitdb WORKING POC

by anonymous · pythonlocallinux

https://www.exploit-db.com/exploits/47687

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47687

[Patch] https://github.com/Cisco-Talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f

[Various Sources] https://www.clamav.net/

[Third Party Advisory] https://www.vulncheck.com/advisories/clamav-clambc-clambc-executable-regular-expression-error

[Third Party Advisory] https://www.vulncheck.com/advisories/clamav-clambc-clambc-executable-regular-expression

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

ClamAV/ClamBC < 0.103.0-rc

Published Feb 12, 2026

Tracked Since Feb 18, 2026