Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2020-37167

Published: Feb 12, 2026 | Modified: Feb 27, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-37167
CWEhttps://cwe.mitre.org/data/definitions/.html

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Affected Software

NameVendorStart VersionEnd Version
ClamavUbuntuesm-infra-legacy/trusty*
ClamavUbuntuesm-infra/bionic*
ClamavUbuntuesm-infra/focal*
ClamavUbuntuesm-infra/xenial*
ClamavUbuntuupstream*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use