5 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
Fedora 30 : python-yara / yara (2019-c3627a0e7a)
update to the bugfix release 3.9.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Netwo...
YARA <= 3.8.1 Multiple Vulnerabilities
YARA is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...
CVE-2018-19974
CVE-2018-19974 affects YARA 3.8.1, where bytecode in a specially crafted compiled rule can read uninitialized data from the VM scratch memory in libyara/exec.c, potentially revealing addresses from the real stack. The vulnerability is confined to the YARA runtime and arises from reading uninitial...
CVE-2018-19974
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...