In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
virustotal yara 3.8.1 |