3 matches found
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
YARA <= 3.8.1 Multiple Vulnerabilities
YARA is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...
CVE-2018-19975
CVE-2018-19975 affects YARA 3.8.1. The vulnerability arises in libyara/exec.c where specially crafted compiled rules’ bytecode can cause an OP_COUNT operation to read a DWORD from an arbitrary memory address, enabling potential data disclosure. Documented impact indicates confidentiality risk; no...