Vulnerabilities > Virustotal > Yara

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-11328 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Virustotal Yara
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
4.3
2017-06-06 CVE-2017-9465 Out-of-bounds Read vulnerability in Virustotal Yara 3.6.1
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
5.8
2017-06-05 CVE-2017-9438 Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
network
low complexity
virustotal CWE-674
7.5
2017-05-31 CVE-2017-9304 Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
network
low complexity
virustotal CWE-674
5.0
2017-05-14 CVE-2017-8929 Use After Free vulnerability in Virustotal Yara 3.5.0
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
network
low complexity
virustotal CWE-416
5.0
2017-04-27 CVE-2017-8294 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
network
low complexity
virustotal CWE-125
5.0
2017-04-03 CVE-2017-5924 Use After Free vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
network
low complexity
virustotal CWE-416
5.0
2017-04-03 CVE-2017-5923 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
network
low complexity
virustotal CWE-125
5.0
2017-04-03 CVE-2016-10211 Use After Free vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
network
low complexity
virustotal CWE-416
5.0
2017-04-03 CVE-2016-10210 NULL Pointer Dereference vulnerability in Virustotal Yara 3.5.0
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
network
low complexity
virustotal CWE-476
5.0