USN-8080-1: YARA vulnerabilities

Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...

SUSE CVE-2016-10211

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrparserlookuploopvariable function...

Fedora 24 : yara (2017-9941306740)

Security fix CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducin...

CVE-2016-10211

CVE-2016-10211 affects YARA 3.5.0 (libyara/grammar.y). The issue is a use-after-free in yr_parser_lookup_loop_variable, enabling remote denial of service (application crash) via a crafted rule. According to the connected Fedora/OpenVAS/NASL references, the vulnerability was addressed in later YAR...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10211. Reason: This candidate is a reservation duplicate of CVE-2016-10211. Notes: All CVE users should reference CVE-2016-10211 instead of this candidate. All references and descriptions in this candidate have been removed t...