CVE-2020-37167
Public on 2026-02-12
Modified on 2026-02-14
Description
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | clamav | Pending Fix | ||
| Amazon Linux 2023 | clamav | Pending Fix | ||
| Amazon Linux 2 - Core | clamav1.4 | Pending Fix | ||
| Amazon Linux 2023 | clamav1.4 | Pending Fix | ||
| Amazon Linux 2023 | clamav1.5 | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |