« List of all CVEs

CVE-2018-19974

Published: 12/17/2018 Last updated: 8/5/2024 Reserved: 12/8/2018

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

yara

Products affected (1)

Product Vendor Version
n/a n/a 23.0 ap384901

References (8)