Sign in Get started

← All vendors

Vendor

Virustotal

Sign in to watch

Products

1

CVEs

8

Across products

17

Status

Private

Products

1

Yara
17 CVEs

Recent CVEs

8

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-9438	Hig	0.49	7.5	0.01		Jun 5, 2017	libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-9304	Hig	0.49	7.5	0.00		May 31, 2017	libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2017-8929	Hig	0.49	7.5	0.00		May 14, 2017	The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-8294	Hig	0.49	7.5	0.00		Apr 27, 2017	libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-5924	Hig	0.49	7.5	0.00		Apr 3, 2017	libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
CVE-2017-5923	Hig	0.49	7.5	0.00		Apr 3, 2017	libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
CVE-2017-9465	Hig	0.46	7.1	0.00		Jun 6, 2017	The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-11328	Med	0.36	5.5	0.00		Jul 17, 2017	Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.