Vulnerabilities > Virustotal > Yara > 3.11.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2021-3402 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
network
low complexity
virustotal fedoraproject CWE-190
critical
 9.1
9.1
2019-12-09 CVE-2019-19648 Out-of-bounds Read vulnerability in multiple products
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size.
local
low complexity
virustotal fedoraproject CWE-125
7.8
7.8