Описание
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | needs-triage | |
| disco | not-affected | 3.8.1-2 |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 3.8.1-2 |
| esm-apps/jammy | not-affected | 3.8.1-2 |
| esm-apps/noble | not-affected | 3.8.1-2 |
| esm-apps/xenial | needs-triage |
Показывать по
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read ...
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
4.3 Medium
CVSS2
5.5 Medium
CVSS3