CVE-2020-37167
HIGH 8.4
Description
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
CVE Details
CVSS v3.1 score: 8.4
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/12/2026
Last modified: 2/27/2026
Source: nvd
Honeypot observations: 0
References
https://github.com/Cisco-Talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f (disclosure@vulncheck.com)
https://www.clamav.net/ (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47687 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/clamav-clambc-clambc-executable-regular-expression-error (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.