PT-2018-15181 · Yara · Yara

Bnbdrop

Publicado

2018-12-17

Atualizado

2026-03-09

CVE-2018-19975

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions YARA version 3.8.1

Description The issue allows bytecode in a specially crafted compiled rule to read data from any arbitrary address in memory. This is specifically related to OP COUNT, which can read a DWORD. The problem is located in libyara/exec.c.

Recommendations For YARA version 3.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2018-19975

USN-8080-1

Produtos afetados

Yara

PT-2018-15181 · Yara · Yara

CVE-2018-19975

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29