← back
CVE-2020-37167

ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error

CVSS 8.6 HIGHEPSS 0.2%
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ClamAV · ClamBC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Cisco-Talos/clamav/commit/cd2f2975b93277de7f74464d48adb378375a305fhttps://www.clamav.net/https://www.exploit-db.com/exploits/47687https://www.vulncheck.com/advisories/clamav-clambc-clambc-executable-regular-expression-error