Search CVE reports


1 – 10 of 20 results


CVE-2023-40857

Medium priority
Needs evaluation

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-45429

Medium priority
Needs evaluation

A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-3402

Medium priority
Needs evaluation

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file....

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-19648

Medium priority
Needs evaluation

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service...

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-5020

Medium priority

Some fixes available 1 of 2

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An...

1 affected packages

yara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
yara Not affected Not affected

CVE-2018-19976

Low priority
Needs evaluation

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-19975

Medium priority
Needs evaluation

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-19974

Medium priority
Needs evaluation

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-12035

Medium priority
Needs evaluation

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2018-12034

Low priority
Needs evaluation

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

1 affected packages

yara

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| yara | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |