Vulnerabilities > Virustotal > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-31 CVE-2017-9304 Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
network
low complexity
virustotal CWE-674
5.0
5.0
2017-05-14 CVE-2017-8929 Use After Free vulnerability in Virustotal Yara 3.5.0
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
network
low complexity
virustotal CWE-416
5.0
5.0
2017-04-27 CVE-2017-8294 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
network
low complexity
virustotal CWE-125
5.0
5.0
2017-04-03 CVE-2017-5924 Use After Free vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
network
low complexity
virustotal CWE-416
5.0
5.0
2017-04-03 CVE-2017-5923 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
network
low complexity
virustotal CWE-125
5.0
5.0
2017-04-03 CVE-2016-10211 Use After Free vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
network
low complexity
virustotal CWE-416
5.0
5.0
2017-04-03 CVE-2016-10210 NULL Pointer Dereference vulnerability in Virustotal Yara 3.5.0
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
network
low complexity
virustotal CWE-476
5.0
5.0