Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Yara
(Virustotal)| Repositories | https://github.com/VirusTotal/yara |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-15 | CVE-2018-12034 | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | Yara | 7.8 | ||
| 2017-06-06 | CVE-2017-9465 | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. | Yara | 7.1 | ||
| 2017-05-31 | CVE-2017-9304 | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | Yara | 7.5 | ||
| 2017-05-14 | CVE-2017-8929 | The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | Yara | 7.5 | ||
| 2017-04-27 | CVE-2017-8294 | libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. | Yara | 7.5 | ||
| 2017-04-03 | CVE-2017-5924 | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | Yara | 7.5 | ||
| 2017-04-03 | CVE-2017-5923 | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. | Yara | 7.5 | ||
| 2017-07-17 | CVE-2017-11328 | Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. | Yara | 5.5 | ||
| 2017-04-03 | CVE-2016-10211 | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. | Yara | 7.5 | ||
| 2017-04-03 | CVE-2016-10210 | libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. | Yara | 7.5 |