VYPR

apk package

chainguard/yara-x-compat

pkg:apk/chainguard/yara-x-compat

Vulnerabilities (4)

  • CVE-2025-64345LowNov 12, 2025
    affected < 1.9.0-r2fixed 1.9.0-r2

    Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host (Rust) to the content

  • CVE-2025-53901Jul 18, 2025
    affected < 1.4.0-r2fixed 1.4.0-r2

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling `path_op

  • CVE-2025-53605MedJul 5, 2025
    affected < 0.13.0-r2fixed 0.13.0-r2

    The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

  • CVE-2025-4574MedMay 13, 2025
    affected < 0.14.0-r2fixed 0.14.0-r2

    In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.