How to fix CVE-2020-37167?

Within 24 hours: Inventory all ClamAV deployments and identify systems running versions up to 0.103.0; isolate or restrict internet access to affected systems if operationally feasible. Within 7 days: Implement network segmentation to limit lateral movement from compromised scanning endpoints; deploy enhanced logging on ClamAV systems to detect suspicious bytecode manipulation attempts. Within 30 days: Upgrade ClamAV to the latest patched version when available; review and strengthen file upload filtering controls; conduct threat hunt for indicators of exploitation.

Is Suse affected by CVE-2020-37167?

ClamAV versions up to 0.103.0 contain a high-severity vulnerability (CVSS 8.4) that allows attackers to manipulate bytecode function names, potentially bypassing malware detection and enabling malicious content to reach protected systems.

CVE-2020-37167

HIGH

2026-02-12 [email protected]

8.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 27, 2026 - 22:16 vuln.today

Public exploit code

CVE Published

Feb 12, 2026 - 23:16 nvd

HIGH 8.4

Description

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Analysis

ClamAV versions up to 0.103.0 contains a vulnerability that allows attackers to manipulate bytecode function names (CVSS 8.4).

Technical Context

exists in the a vulnerability in component. ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.

Affected Products

Product: ClamAV. Versions: up to 0.103.0. Component: a vulnerability in.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: +20

Vendor Status

CVE-2020-37167 vulnerability details – vuln.today

Back

CVE-2020-37167

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2020-37167

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code