Описание
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.7.1-1ubuntu2 |
| cosmic | not-affected | 3.7.1-1ubuntu2 |
| devel | not-affected | 3.7.1-1ubuntu2 |
| disco | not-affected | 3.7.1-1ubuntu2 |
| eoan | not-affected | 3.7.1-1ubuntu2 |
| esm-apps/bionic | not-affected | 3.7.1-1ubuntu2 |
| esm-apps/focal | not-affected | 3.7.1-1ubuntu2 |
| esm-apps/jammy | not-affected | 3.7.1-1ubuntu2 |
| esm-apps/noble | not-affected | 3.7.1-1ubuntu2 |
Показывать по
5.8 Medium
CVSS2
7.1 High
CVSS3
Связанные уязвимости
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
5.8 Medium
CVSS2
7.1 High
CVSS3