In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow malicious users to discover addresses in the real stack (not the YARA virtual stack).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
virustotal yara 3.8.1 |