Yara Security Vulnerabilities and Issues — Yara CVE List

Lucene search

VirustotalYara

5 matches found

CVE•added 2018/12/17 7:29 p.m.•45 views

CVE-2018-19974

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).

5.5CVSS5.1AI score0.00269EPSS

CVE•added 2018/12/17 7:29 p.m.•41 views

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.

5.5CVSS5.1AI score0.00269EPSS

CVE•added 2018/12/17 7:29 p.m.•38 views

CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.

7.1CVSS5.3AI score0.00241EPSS

CVE•added 2018/06/15 4:29 p.m.•37 views

CVE-2018-12034

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

7.8CVSS7.3AI score0.00208EPSS

CVE•added 2018/06/15 4:29 p.m.•37 views

CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.

7.8CVSS7.5AI score0.00208EPSS