Security News

Cybersecurity news aggregator

🐧
LOW Vulnerabilities Ubuntu Security

USN-8080-1: YARA vulnerabilities

cve-2016-10211cve-2017-5923cve-2017-5924ubuntudenial-of-service
  • What: Multiple YARA vulnerabilities were discovered that could cause denial of service.
  • Impact: Only affected Ubuntu 16.04 LTS.
Read Full Article →

Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS. (CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294, CVE-2017-8929, CVE-2017-9304, CVE-2017-9438, CVE-2017-9465) Jurriaan Bremer discovered that YARA's yr_object_array_set_limit() function could result in a heap buffer overflow when scanning specially crafted .NET files. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11328) It was discovered that YARA's yr_execute_code() function could cause an out-of-bounds read or write when parsing specially crafted compiled rule files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-12034, CVE-2018-12035) It was discovered that YARA's virtual machine could be escaped in certain instances. A remote attacker could possibly use these issues to execute arbitrary code. These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19974, CVE-2018-19975, CVE-2018-19976) It was discovered that YARA's macho_parse_file() function would generate an out-of-bounds memory access error when parsing a specially crafted Mach-O file. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-19648) It was discovered that YARA's macho.c implementation contained several overflow reads, which could be triggered when parsing specially crafted Mach-O files. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service, or to learn sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-3402) It was discovered that YARA's yr_set_configuration() function could trigger a buffer overflow when parsing specially crafted rules. A remote attacker could possibly use this issue to cause YARA to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-45429)

Related Articles

HIGH Ubuntu Linux Kernel Multiple Vulnerabilities HKCERT MEDIUM USN-8046-1: FRR vulnerabilities Ubuntu Security MEDIUM USN-8053-1: libvpx vulnerability Ubuntu Security MEDIUM USN-8076-1: Qt vulnerabilities Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn