Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2018-19975 CVE-2018-19974 CVE-2018-19976 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
Vulnerable software |
YARA Server applications / Server solutions for antivurus protection |
Vendor | VirusTotal |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU16656
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19975
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine (VM), which could allow an attacker to use OP_COUNT to read a DWORD value from any arbitrary memory address. A local attacker can execute a compiled rule file that submits malicious input and read data from any arbitrary address in memory, in libyara/exec.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsYARA: 3.8.1
CPE2.3 External linkshttps://github.com/VirusTotal/yara/issues/999
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU16657
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19974
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine (VM). A local attacker can execute a compiled rule file that submits malicious input and read uninitialized data from VM scratch memory in libyara/exec.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsYARA: 3.8.1
CPE2.3 External linkshttps://github.com/VirusTotal/yara/issues/999
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU16658
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19976
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine. A local attacker can execute a compiled rule file that submits malicious input and read uninitialized data from VM scratch memory in libyara/exec.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsYARA: 3.8.1
CPE2.3 External linkshttps://github.com/VirusTotal/yara/issues/999
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.