CVE-2018-19974

Published December 17th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECTS

Description

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).

VirusTotal/yara

The pattern matching swiss knife

GitHub

9.65K

bnbdr/swisscheese

Exploits for YARA 3.7.1 & 3.8.1

GitHub