12 matches found
EUVD-2017-17256
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-8294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ru...
Linux Distros Unpatched Vulnerability : CVE-2017-5923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service heap-based out-of- bounds read and application crash via a crafted rule tha...
Linux Distros Unpatched Vulnerability : CVE-2017-9465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The yrarenawritedata function in YARA 3.6.1 allows remote attackers to cause a denial of service buffer over-read and application crash or obtain sensitive...
Linux Distros Unpatched Vulnerability : CVE-2018-19975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OPCOUNT can re...
Linux Distros Unpatched Vulnerability : CVE-2018-12035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
SUSE CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yrexecutecod function in the exe.c component...
SUSE CVE-2017-8929
The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...
PT-2018-15180
Name of the Vulnerable Software and Affected Versions YARA version 3.8.1 Description The issue allows attackers to discover addresses in the real stack by reading uninitialized data from VM scratch memory in libyara/exec.c when bytecode in a specially crafted compiled rule is executed...
PT-2018-15182
Name of the Vulnerable Software and Affected Versions YARA version 3.8.1 Description The issue arises from the design of the YARA virtual machine, where bytecode in a specially crafted compiled rule can expose information about its environment. This occurs in the libyara/exec.c component...
DEBIAN-CVE-2017-11328
Heap buffer overflow in the yrobjectarraysetitem function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file...
PT-2017-16761
Name of the Vulnerable Software and Affected Versions YARA version 3.5.0 Description The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, by providing a crafted rule that is mishandled in the yr compiler destroy function...