Virustotal

Yara

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2017-11328

  • EPSS 0.19%
  • Veröffentlicht 17.07.2017 13:18:20
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.

7.1

CVE-2017-9465

Exploit
  • EPSS 0.23%
  • Veröffentlicht 06.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_e...

7.5

CVE-2017-9438

  • EPSS 0.61%
  • Veröffentlicht 05.06.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-201...

7.5

CVE-2017-9304

  • EPSS 0.33%
  • Veröffentlicht 31.05.2017 04:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

7.5

CVE-2017-8929

  • EPSS 0.42%
  • Veröffentlicht 14.05.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.

7.5

CVE-2017-8294

  • EPSS 0.51%
  • Veröffentlicht 27.04.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.

7.5

CVE-2016-10210

Exploit
  • EPSS 0.64%
  • Veröffentlicht 03.04.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

7.5

CVE-2017-5924

Exploit
  • EPSS 0.55%
  • Veröffentlicht 03.04.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.

7.5

CVE-2017-5923

Exploit
  • EPSS 0.79%
  • Veröffentlicht 03.04.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

7.5

CVE-2016-10211

Exploit
  • EPSS 0.79%
  • Veröffentlicht 03.04.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.