Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-31
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.
Products | Yara |
Type | Improper Check for Unusual or Exceptional Conditions (CWE-754) Reachable Assertion (CWE-617) |
First patch | - None (likely due to unavailable code) |
Links | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781 |