YARA Denial of Service Vulnerability (CNVD-2017-11330)

YARA is a set of tools used to help software researchers identify and categorize malware samples. A denial of service vulnerability exists in the 'yrarenawritedata' function in YARA version 3.6.1. A remote attacker can exploit this vulnerability with the help of specially crafted files to cause a...

PT-2017-18938

Name of the Vulnerable Software and Affected Versions YARA version 3.6.1 Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file. This is due to the mishandling of the file in the yr re fast exec function in...