CVE-2019-5020

Published: 7/31/2019 Last updated: 8/4/2024 Reserved: 1/4/2019

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.

CNA assigner: talos (b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	6.5	Medium	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

yara

Products affected (1)

Product	Vendor	Version
Yara Object	n/a	10 Version 1607 for 32-bit Systems

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781