Virustotal Yara
By the Year
In 2025 there have been 0 vulnerabilities in Virustotal Yara. Yara did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 1 | 8.80 |
2022 | 1 | 5.50 |
2021 | 1 | 9.10 |
2020 | 0 | 0.00 |
2019 | 2 | 6.65 |
2018 | 5 | 6.42 |
It may take a day or so for new Yara vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Virustotal Yara Security Vulnerabilities
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2
CVE-2023-40857
8.8 - High
- August 28, 2023
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component.
Memory Corruption
A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7
CVE-2021-45429
5.5 - Medium
- February 04, 2022
A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
Classic Buffer Overflow
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could
CVE-2021-3402
9.1 - Critical
- May 14, 2021
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4.
Integer Overflow or Wraparound
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size
CVE-2019-19648
7.8 - High
- December 09, 2019
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
Out-of-bounds Read
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1
CVE-2019-5020
5.5 - Medium
- July 31, 2019
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.
Improper Check for Unusual or Exceptional Conditions
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c
CVE-2018-19974
5.5 - Medium
- December 17, 2018
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
Use of Uninitialized Resource
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c
CVE-2018-19975
5.5 - Medium
- December 17, 2018
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
Out-of-bounds Read
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c
CVE-2018-19976
5.5 - Medium
- December 17, 2018
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
Information Disclosure
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file
CVE-2018-12034
7.8 - High
- June 15, 2018
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
Out-of-bounds Read
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file
CVE-2018-12035
7.8 - High
- June 15, 2018
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
Memory Corruption
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings)
CVE-2017-9438
7.5 - High
- June 05, 2017
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
Stack Exhaustion
