VDB

CVE-2020-37167

CVE-2020-37167 REJECTED

ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

EPSS 0.01% · 0.5th percentile

Risk Scores

EPSS Score
0.01%
0.5th percentile

Affected Products

VendorProductVersions
Ubuntu:25.10clamav0, 1.4.2+dfsg-0ubuntu2, 1.4.2+dfsg-1ubuntu1
Ubuntu:25.10libclamunrar1.3.1-1, 0, 1.3.1-1build1
Ubuntu:Pro:14.04:LTSclamav*, 0.99.2+addedllvm-0ubuntu0.14.04.2, 0.99.3+addedllvm-0ubuntu0.14.04.1
Ubuntu:24.04:LTSclamav0, *, *
Ubuntu:16.04:LTSlibclamunrar0, *, 0.99-1ubuntu0.1
Ubuntu:Pro:16.04:LTSclamav*, *, 0
Ubuntu:24.04:LTSlibclamunrar1.3.1-0ubuntu0.24.04.1, 1.0.4-0ubuntu4, 0
Ubuntu:18.04:LTSlibclamunrar0.99-4ubuntu1, 0, 0.101.2-1~ubuntu0.18.04.1
Ubuntu:Pro:18.04:LTSclamav0.100.1+dfsg-1ubuntu0.18.04.3, 0.99.4+addedllvm-0ubuntu1, 0.101.4+dfsg-0ubuntu0.18.04.1
Ubuntu:22.04:LTSlibclamunrar1.3.1-0ubuntu0.22.04.1, 0.102.3-3, 0
Ubuntu:Pro:20.04:LTSclamav0.103.12+dfsg-0ubuntu0.20.04.1, 0.103.5+dfsg-1~20.04.1, 0.103.2+dfsg-0ubuntu0.20.04.2
Ubuntu:22.04:LTSclamav0.103.3+dfsg-1, 0.103.4+dfsg-1build1, 0.103.5+dfsg-1
Ubuntu:Pro:20.04:LTSlibclamunrar*, 0.101.2-1, 0

Exploit Intelligence

Timeline

  • Feb 13, 2026 EPSS Score
  • Feb 15, 2026 EPSS Score
  • Feb 17, 2026 EPSS Score
  • Feb 18, 2026 CVE Rejected
  • Feb 18, 2026 CVE Updated
  • Feb 19, 2026 EPSS Score
  • Feb 21, 2026 EPSS Score
  • Feb 23, 2026 EPSS Score
  • Feb 25, 2026 EPSS Score
  • Feb 27, 2026 EPSS Score
  • Mar 1, 2026 EPSS Score
  • Mar 3, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›