Yara Security Vulnerabilities and Issues — Yara CVE List

Lucene search

VirustotalYara

13 matches found

CVE•added 2019/12/09 1:15 a.m.•134 views

CVE-2019-19648

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

7.8CVSS8.4AI score0.0056EPSS

CVE•added 2017/04/27 2:59 p.m.•48 views

CVE-2017-8294

libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.

7.5CVSS7AI score0.00514EPSS

CVE•added 2017/06/05 5:29 p.m.•45 views

CVE-2017-9438

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

7.5CVSS6.7AI score0.00614EPSS

CVE•added 2017/05/14 10:29 p.m.•44 views

CVE-2017-8929

The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.

7.5CVSS7AI score0.00418EPSS

CVE•added 2017/06/06 9:29 p.m.•43 views

CVE-2017-9465

The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_mat...

7.1CVSS6.7AI score0.00245EPSS

CVE•added 2017/04/03 5:59 a.m.•41 views

CVE-2016-10211

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.

7.5CVSS7AI score0.00787EPSS

CVE•added 2017/04/03 5:59 a.m.•40 views

CVE-2017-5924

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.

7.5CVSS7.1AI score0.00546EPSS

CVE•added 2017/05/31 4:29 a.m.•40 views

CVE-2017-9304

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

7.5CVSS6.7AI score0.00355EPSS

CVE•added 2017/04/03 5:59 a.m.•38 views

CVE-2016-10210

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

7.5CVSS7AI score0.00641EPSS

CVE•added 2018/12/17 7:29 p.m.•38 views

CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.

7.1CVSS5.3AI score0.00241EPSS

CVE•added 2017/04/03 5:59 a.m.•37 views

CVE-2017-5923

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

7.5CVSS7AI score0.00787EPSS

CVE•added 2018/06/15 4:29 p.m.•37 views

CVE-2018-12034

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

7.8CVSS7.3AI score0.00208EPSS

CVE•added 2018/06/15 4:29 p.m.•37 views

CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.

7.8CVSS7.5AI score0.00208EPSS