Victor Manuel Alvarez

2 exploits Active since Jun 2017

CVE-2017-11328 WRITEUP MEDIUM WRITEUP

YARA 3.x - Denial of Service via Heap Buffer Overflow in yr_object_array_set_item

Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.

CVSS 5.5

View Code

CVE-2017-9438 WRITEUP HIGH WRITEUP

YARA 3.5.0 - Denial of Service via Crafted Regex Rule

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

CVSS 7.5

View Code