CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10211

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/98078
https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f
https://github.com/VirusTotal/yara/issues/575
http://www.securityfocus.com/bid/98078
https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f
https://github.com/VirusTotal/yara/issues/575

Products affected by CVE-2016-10211

Virustotal » Yara » Version: 3.5.0

cpe:2.3:a:virustotal:yara:3.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10211

Products

Pricing

Contact Us