CVE-2020-37167

HIGH 8.4

ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Vendor	clamav
Product	clambc
Published	Feb 12, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for clamav clambc

Be the first to know when new high vulnerabilities affecting clamav clambc are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ClamAV / ClamBC

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47687 github.com: https://github.com/Cisco-Talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305f clamav.net: https://www.clamav.net/ vulncheck.com: https://www.vulncheck.com/advisories/clamav-clambc-clambc-executable-regular-expression-error