| Max CVSS | 7.1 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-19974 | 4.3 |
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
|
24-08-2020 - 17:37 | 17-12-2018 - 19:29 | |
| CVE-2018-19975 | 7.1 |
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
|
06-10-2019 - 03:15 | 17-12-2018 - 19:29 | |
| CVE-2018-19976 | 4.3 |
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
|
06-10-2019 - 03:15 | 17-12-2018 - 19:29 |