VirusTotal YARA 3.5.0

CPE Details

VirusTotal YARA 3.5.0
virustotal
yara
3.5.0
2019-06-12
09h18 +00:00
2019-06-12
09h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*

Informations

Vendor

virustotal

Product

yara

Version

3.5.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-45429 2022-02-04 17h09 +00:00 A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
5.5
Medium
CVE-2021-3402 2021-05-14 18h05 +00:00 An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
9.1
Critical
CVE-2018-12034 2018-06-15 14h00 +00:00 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
7.8
High
CVE-2018-12035 2018-06-15 14h00 +00:00 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
7.8
High
CVE-2017-11328 2017-07-14 03h00 +00:00 Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
5.5
Medium
CVE-2017-9438 2017-06-05 15h00 +00:00 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
7.5
High
CVE-2017-9304 2017-05-31 01h54 +00:00 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
7.5
High
CVE-2017-8929 2017-05-14 22h00 +00:00 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
7.5
High
CVE-2017-8294 2017-04-27 12h00 +00:00 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
7.5
High
CVE-2016-10210 2017-04-03 03h44 +00:00 libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
7.5
High
CVE-2016-10211 2017-04-03 03h44 +00:00 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
7.5
High
CVE-2017-5923 2017-04-03 03h44 +00:00 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
7.5
High
CVE-2017-5924 2017-04-03 03h44 +00:00 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.