Menu
HIGH SeverityCVSS 4.08.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2020-37167
Last updated Feb 27, 2026 · Published Feb 12, 2026
Description
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
Affected products
1 listed- ClamAV:ClamBC
Mappings
CWE
None listed.
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms