9 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
SUSE CVE-2017-9304
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service stack consumption via a crafted rule that is mishandled in the yrreemit function...
Fedora Update for yara FEDORA-2017-156d12fa2f
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 26 : yara (2017-156d12fa2f)
Security fix for CVE-2017-9304, CVE-2017-9465 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for yara FEDORA-2017-fa52efdf32
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : yara (2017-47487b1223)
Security fix for CVE-2017-9304, CVE-2017-9465 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 25 : yara (2017-fa52efdf32)
Security fix for CVE-2017-9304, CVE-2017-9465 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2017-9438
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service stack consumption via a crafted rule involving hex strings that is mishandled in the yrreemit function, a different vulnerability than CVE-2017-9304...
CVE-2017-9304
The CVE-2017-9304 issue affects libyara/re.c in the regexp module of YARA 3.5.0, where the _yr_re_emit function mishandles crafted regexes (in hex strings), allowing a remote attacker to trigger a denial of service via stack consumption. The vulnerability surface is exposed through crafted rules ...