2 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
CVE-2017-8294
CVE-2017-8294 affects YARA 3.5.0’s libyara/re.c regex component. A crafted rule mishandled in yr_re_exec can trigger an out-of-bounds read and application crash, enabling remote denial of service. The connected CNVD entry confirms the DoS impact in YARA 3.5.0. No remediation details are provided ...