High severity7.5OSV Advisory· Published Apr 3, 2017· Updated Jun 17, 2026
CVE-2016-10211
CVE-2016-10211
Description
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3v2.0.0, v2.1.0, v3.0.0, …+ 2 more
- (no CPE)range: v2.0.0, v2.1.0, v3.0.0, …
- cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*
- (no CPE)range: <=3.5.0
Patches
Vulnerability mechanics
References
3- github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98fnvdPatchVendor Advisory
- github.com/VirusTotal/yara/issues/575nvdExploitIssue TrackingPatch
- www.securityfocus.com/bid/98078nvd
News mentions
0No linked articles in our index yet.