Bnbdrop

#8151of 53,622
33.7Total CVSS
Vulnerabilities · 5
Medium
2
High
3
PT-2018-15180
5.5
2018-12-17
Yara · Yara · CVE-2018-19974
**Name of the Vulnerable Software and Affected Versions** YARA version 3.8.1 **Description** The issue allows attackers to discover addresses in the real stack by reading uninitialized data from VM scratch memory in libyara/exec.c when bytecode in a specially crafted compiled rule is executed. **Recommendations** For YARA version 3.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-15181
7.1
2018-12-17
Yara · Yara · CVE-2018-19975
**Name of the Vulnerable Software and Affected Versions** YARA version 3.8.1 **Description** The issue allows bytecode in a specially crafted compiled rule to read data from any arbitrary address in memory. This is specifically related to OP COUNT, which can read a DWORD. The problem is located in libyara/exec.c. **Recommendations** For YARA version 3.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-15182
5.5
2018-12-17
Yara · Yara · CVE-2018-19976
**Name of the Vulnerable Software and Affected Versions** YARA version 3.8.1 **Description** The issue arises from the design of the YARA virtual machine, where bytecode in a specially crafted compiled rule can expose information about its environment. This occurs in the libyara/exec.c component. **Recommendations** For YARA version 3.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-10955
7.8
2018-06-15
Yara · Yara · CVE-2018-12034
**Name of the Vulnerable Software and Affected Versions** YARA versions prior to 3.7.1 **Description** The issue arises when parsing a specially crafted compiled rule file, leading to an out of bounds read in the `yr execute code` function located in `libyara/exec.c`. **Recommendations** For versions prior to 3.7.1, update to version 3.7.1 or later to resolve the issue.
PT-2018-10956
7.8
2018-06-15
Yara · Yara · CVE-2018-12035
**Name of the Vulnerable Software and Affected Versions** YARA versions 3.7.1 and prior **Description** The issue arises when parsing a specially crafted compiled rule file, which can cause an out of bounds write in the `yr execute code` function located in `libyara/exec.c`. **Recommendations** For YARA versions 3.7.1 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.