CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

DEBIAN-CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

DEBIAN-CVE-2018-19974

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...

CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OPCOUNT can read a DWORD...

Design/Logic Flaw

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...

UBUNTU-CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19974

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...

CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OPCOUNT can read a DWORD...

Code injection

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19974

CVE-2018-19974 affects YARA 3.8.1, where bytecode in a specially crafted compiled rule can read uninitialized data from the VM scratch memory in libyara/exec.c, potentially revealing addresses from the real stack. The vulnerability is confined to the YARA runtime and arises from reading uninitial...

CVE-2018-19975

CVE-2018-19975 affects YARA 3.8.1. The vulnerability arises in libyara/exec.c where specially crafted compiled rules’ bytecode can cause an OP_COUNT operation to read a DWORD from an arbitrary memory address, enabling potential data disclosure. Documented impact indicates confidentiality risk; no...

CVE-2018-19976

CVE-2018-19976 involves YARA 3.8.1 where bytecode in a specially crafted compiled rule can reveal information about the host environment via libyara/exec.c, a consequence of how the YARA VM is designed. Public descriptions in CNVD and OSV confirm an environment-information exposure vulnerability ...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OPCOUNT can read a DWORD...

PT-2018-15182

Name of the Vulnerable Software and Affected Versions YARA version 3.8.1 Description The issue arises from the design of the YARA virtual machine, where bytecode in a specially crafted compiled rule can expose information about its environment. This occurs in the libyara/exec.c component...

GHSA-VQGP-4JGJ-5J64 Py-EVM is vulnerable to arbitrary bytecode injection

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...

Py-EVM is vulnerable to arbitrary bytecode injection

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...

Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation : Manticore automatically generates inputs that trigger unique code paths Crash Discovery : Manticore discovers inputs that...