Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virustotal yara vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2017-9465
The yr_arena_write_data function in YARA 3.6.1 allows remote malicious users to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/...
Virustotal Yara 3.6.1
445
VMScore
CVE-2016-10211
libyara/grammar.y in YARA 3.5.0 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
Virustotal Yara 3.5.0
445
VMScore
CVE-2016-10210
libyara/lexer.l in YARA 3.5.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
Virustotal Yara 3.5.0
NA
CVE-2023-40857
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote malicious user to execute arbtirary code via the yr_execute_cod function in the exe.c component.
Virustotal Yara 4.3.2
446
VMScore
CVE-2017-9438
libyara/re.c in the regexp module in YARA 3.5.0 allows remote malicious users to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
Virustotal Yara 3.5.0
632
VMScore
CVE-2018-19975
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
Virustotal Yara 3.8.1
445
VMScore
CVE-2017-5924
libyara/grammar.y in YARA 3.5.0 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
Virustotal Yara 3.5.0
383
VMScore
CVE-2019-5020
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger...
Virustotal Yara 3.8.1
570
VMScore
CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and previous versions could allow an malicious user to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4...
Virustotal Yara
Fedoraproject Fedora 33
Fedoraproject Fedora 34
605
VMScore
CVE-2019-19648
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
Virustotal Yara 3.11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2