CVE-2020-37167
- Source
- https://cve.org/CVERecord?id=CVE-2020-37167
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-37167.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-37167
- Downstream
- Published
- 2026-02-12T23:16:08.887Z
- Modified
- 2026-03-14T10:30:37.091642Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
- References
Affected packages
Git / github.com/cisco-talos/clamav
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cisco-talos/clamav
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
clamav-0.*
clamav-0.101.0
clamav-0.102.0
clamav-0.96
clamav-0.96.2
clamav-0.96.3
clamav-0.96.4
clamav-0.96.5
clamav-0.96rc1
clamav-0.96rc2
clamav-0.97
clamav-0.97rc
clamav-0.98-dmgxar
clamav-0.99-beta1
Other
merge-llvm-79908
merge-llvm-80601
merge-llvm-83242
merge-llvm-90002
merge-llvm-91214
merge-llvm-91428
merge-llvm-92222
merge-llvm-94539
merge-llvm-97877
r5076
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-37167.json"
vanir_signatures
[
{
"id": "CVE-2020-37167-6e495cb5",
"signature_type": "Function",
"digest": {
"function_hash": "148459003788419734165499019283961617796",
"length": 9596.0
},
"target": {
"file": "clamscan/clamscan.c",
"function": "help"
},
"source": "https://github.com/cisco-talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2020-37167-834fecc2",
"signature_type": "Line",
"digest": {
"line_hashes": [
"106408459869373235257750722575119413454",
"240679148377164762295485940777004739424",
"337586465132289121067143456422797591531",
"148429844097337696780210272830939777011"
],
"threshold": 0.9
},
"target": {
"file": "clambc/bcrun.c"
},
"source": "https://github.com/cisco-talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2020-37167-d1261cec",
"signature_type": "Line",
"digest": {
"line_hashes": [
"191718247534306042539625511569012605262",
"58756646025466442967636112104272047953",
"158072926320145078770359338928999650907",
"79570584781485255077898755623269705818"
],
"threshold": 0.9
},
"target": {
"file": "clamscan/clamscan.c"
},
"source": "https://github.com/cisco-talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2020-37167-d7cd692b",
"signature_type": "Function",
"digest": {
"function_hash": "241550728163143469195026663349662122787",
"length": 1558.0
},
"target": {
"file": "clambc/bcrun.c",
"function": "help"
},
"source": "https://github.com/cisco-talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f",
"signature_version": "v1",
"deprecated": false
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "the"
}
]
}
]