66 matches found
CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12035
CVE-2018-12035 affects YARA up to version 3.7.1, where parsing a specially crafted compiled rule file can trigger an out-of-bounds write in yr_execute_code (libyara/exec.c). Reported metrics indicate CVSS v3 base score 7.8 (HIGH) with LOCAL exploitability and user interaction required; CVSS v2 ba...
YARA regexp module denial of service vulnerability
YARA is a set of tools used to help software researchers identify and categorize malware samples. regexp is a regular expression module. A denial of service vulnerability exists in the libyara/re.c file of the regexp module in YARA version 3.5.0. A remote attacker could exploit this vulnerability...
CVE-2017-9438
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service stack consumption via a crafted rule involving hex strings that is mishandled in the yrreemit function, a different vulnerability than CVE-2017-9304...
YARA Denial of Service Vulnerability (CNVD-2017-11646)
YARA is a suite of tools used to help software researchers identify and categorize malware samples. regexp is a regular expression module. A denial of service vulnerability exists in the libyara/re.c file of the regexp module in YARA version 3.5.0. A remote attacker could exploit this vulnerabili...
CVE-2017-9304
The CVE-2017-9304 issue affects libyara/re.c in the regexp module of YARA 3.5.0, where the _yr_re_emit function mishandles crafted regexes (in hex strings), allowing a remote attacker to trigger a denial of service via stack consumption. The vulnerability surface is exposed through crafted rules ...
YARA Denial of Service Vulnerability (CNVD-2017-08108)
YARA is a set of tools used to help software researchers identify and categorize malware samples. regex component is one of the regular expression components. A security vulnerability exists in the libyara/grammar.y file in YARA version 3.5.0. A remote attacker could exploit this vulnerability to...
YARA 'specialized_string_cmp' Denial of Service Vulnerability
YARA is a set of tools used to help software researchers identify and categorize malware samples. A denial-of-service vulnerability exists in the 'sizedstringcmp' parameter of the YARA libyara/sizedstr.c file, which can be exploited by a remote attacker to submit a special request and cause a...
CVE-2017-8929
The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...
UBUNTU-CVE-2017-8929
The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...
CVE-2017-8929
The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...
CVE-2017-8929
CVE-2017-8929 affects YARA 3.5.0. The vulnerability resides in the function in libyara/sizedstr.c: sized_string_cmp, which can be triggered by a crafted rule to cause a use-after-free and application crash, enabling a remote denial of service. The connected documents provide this description and ...
PT-2017-18631
Name of the Vulnerable Software and Affected Versions YARA version 3.5.0 Description The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, via a crafted rule. This is due to a problem in the sized string cmp function in...
CVE-2017-8294
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted rule that is mishandled in the yrreexec function...
Heap overflow
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted rule that is mishandled in the yarayyparse function...
CVE-2017-5923
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted rule that is mishandled in the yarayyparse function...
CVE-2017-5923
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted rule that is mishandled in the yarayyparse function...