Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virustotal yara vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and previous versions could allow an malicious user to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4...
Virustotal Yara
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote malicious user to execute arbtirary code via the yr_execute_cod function in the exe.c component.
Virustotal Yara 4.3.2
7.8
CVSSv3
CVE-2019-19648
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
Virustotal Yara 3.11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.8
CVSSv3
CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
Virustotal Yara
7.8
CVSSv3
CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
Virustotal Yara
7.5
CVSSv3
CVE-2017-9438
libyara/re.c in the regexp module in YARA 3.5.0 allows remote malicious users to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
Virustotal Yara 3.5.0
7.5
CVSSv3
CVE-2017-9304
libyara/re.c in the regexp module in YARA 3.5.0 allows remote malicious users to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
Virustotal Yara 3.5.0
7.5
CVSSv3
CVE-2017-8929
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted rule.
Virustotal Yara 3.5.0
7.5
CVSSv3
CVE-2017-8294
libyara/re.c in the regex component in YARA 3.5.0 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
Virustotal Yara 3.5.0
7.5
CVSSv3
CVE-2017-5924
libyara/grammar.y in YARA 3.5.0 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
Virustotal Yara 3.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »