Known Vulnerabilities for Yara by Virustotal
Listed below are 10 of the newest known vulnerabilities associated with "Yara" by "Virustotal".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40857 json | Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execut... | 8.8 - HIGH | 2023-08-28 | 2023-08-31 |
| CVE-2021-45429 json | A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_conf... | 5.5 - MEDIUM | 2022-02-04 | 2024-02-02 |
| CVE-2021-3402 json | An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow... | 9.1 - CRITICAL | 2021-05-14 | 2023-11-07 |
| CVE-2019-19648 json | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A... | 7.8 - HIGH | 2019-12-09 | 2023-11-07 |
| CVE-2019-5020 json | An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted b... | 5.5 - MEDIUM | 2019-07-31 | 2022-06-13 |
| CVE-2018-19976 json | In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec... | 5.5 - MEDIUM | 2018-12-17 | 2023-11-07 |
| CVE-2018-19975 json | In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/e... | 5.5 - MEDIUM | 2018-12-17 | 2023-11-07 |
| CVE-2018-19974 json | In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/ex... | 5.5 - MEDIUM | 2018-12-17 | 2023-11-07 |
| CVE-2018-12035 json | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_... | 7.8 - HIGH | 2018-06-15 | 2018-08-01 |
| CVE-2018-12034 json | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_e... | 7.8 - HIGH | 2018-06-15 | 2018-08-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Virustotal | Yara | 3.9.0 | |||
| Application | Virustotal | Yara | 3.8.1 | |||
| Application | Virustotal | Yara | 3.8.0 | |||
| Application | Virustotal | Yara | 3.7.1 | |||
| Application | Virustotal | Yara | 3.7.0 | |||
| Application | Virustotal | Yara | 3.6.3 | |||
| Application | Virustotal | Yara | 3.6.2 | |||
| Application | Virustotal | Yara | 3.6.1 | |||
| Application | Virustotal | Yara | 3.6.0 | |||
| Application | Virustotal | Yara | 3.5.0 | |||
| Application | Virustotal | Yara | 3.4.0 | |||
| Application | Virustotal | Yara | 3.3.0 | |||
| Application | Virustotal | Yara | 3.2.0 | |||
| Application | Virustotal | Yara | 3.11.0 | |||
| Application | Virustotal | Yara | 3.10.0 | |||
| Application | Virustotal | Yara | 3.1.0 | |||
| Application | Virustotal | Yara | 3.0.0 | |||
| Application | Virustotal | Yara | 2.1.0 | |||
| Application | Virustotal | Yara | 2.0.0 | |||
| Application | Virustotal | Yara | 1.7.2 |