{"id":"USN-8080-1","summary":"yara vulnerabilities","details":"Kamil Frankowicz discovered that a number of YARA's functions\ngenerated memory exceptions when processing specially crafted\nrules or files. A remote attacker could possibly use these\nissues to cause YARA to crash, resulting in a denial of\nservice. These issues only affected Ubuntu 16.04 LTS.\n(CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294,\nCVE-2017-8929, CVE-2017-9304, CVE-2017-9438, CVE-2017-9465)\n\nJurriaan Bremer discovered that YARA's yr_object_array_set_limit()\nfunction could result in a heap buffer overflow when scanning\nspecially crafted .NET files. A remote attacker could possibly use\nthis issue to cause YARA to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2017-11328)\n\nIt was discovered that YARA's yr_execute_code() function could\ncause an out-of-bounds read or write when parsing specially crafted\ncompiled rule files. A remote attacker could possibly use these\nissues to cause YARA to crash, resulting in a denial of service.\nThese issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2018-12034, CVE-2018-12035)\n\nIt was discovered that YARA's virtual machine could be escaped in\ncertain instances. A remote attacker could possibly use these issues\nto execute arbitrary code. These issues only affected Ubuntu 16.04\nLTS and Ubuntu 18.04 LTS. (CVE-2018-19974, CVE-2018-19975,\nCVE-2018-19976)\n\nIt was discovered that YARA's macho_parse_file() function would\ngenerate an out-of-bounds memory access error when parsing a\nspecially crafted Mach-O file. A remote attacker could possibly use\nthis issue to cause YARA to crash, resulting in a denial of service,\nor execute arbitrary code. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2019-19648)\n\nIt was discovered that YARA's macho.c implementation contained several\noverflow reads, which could be triggered when parsing specially\ncrafted Mach-O files. A remote attacker could possibly use this issue\nto cause YARA to crash, resulting in a denial of service, or to learn\nsensitive information. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-3402)\n\nIt was discovered that YARA's yr_set_configuration() function could\ntrigger a buffer overflow when parsing specially crafted rules. A\nremote attacker could possibly use this issue to cause YARA to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-45429)","modified":"2026-05-20T16:03:57.390253431Z","published":"2026-03-09T16:06:04Z","related":["UBUNTU-CVE-2016-10211","UBUNTU-CVE-2017-11328","UBUNTU-CVE-2017-5923","UBUNTU-CVE-2017-5924","UBUNTU-CVE-2017-8294","UBUNTU-CVE-2017-8929","UBUNTU-CVE-2017-9304","UBUNTU-CVE-2017-9438","UBUNTU-CVE-2017-9465","UBUNTU-CVE-2018-12034","UBUNTU-CVE-2018-12035","UBUNTU-CVE-2018-19974","UBUNTU-CVE-2018-19975","UBUNTU-CVE-2018-19976","UBUNTU-CVE-2019-19648","UBUNTU-CVE-2021-3402","UBUNTU-CVE-2021-45429"],"upstream":["UBUNTU-CVE-2016-10211","UBUNTU-CVE-2017-5923","UBUNTU-CVE-2017-5924","UBUNTU-CVE-2017-8294","UBUNTU-CVE-2017-8929","UBUNTU-CVE-2017-9304","UBUNTU-CVE-2017-9438","UBUNTU-CVE-2017-9465","UBUNTU-CVE-2017-11328","UBUNTU-CVE-2018-12034","UBUNTU-CVE-2018-12035","UBUNTU-CVE-2018-19974","UBUNTU-CVE-2018-19975","UBUNTU-CVE-2018-19976","UBUNTU-CVE-2019-19648","UBUNTU-CVE-2021-3402","UBUNTU-CVE-2021-45429"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8080-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10211"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5923"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5924"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-8294"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-8929"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9304"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9438"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9465"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11328"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-12034"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-12035"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19974"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19975"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19976"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19648"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3402"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45429"}],"affected":[{"package":{"name":"yara","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/yara?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.0+dfsg-2ubuntu0.1~esm1"}]}],"versions":["3.4.0+dfsg-2","3.4.0+dfsg-2build1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_version":"3.4.0+dfsg-2ubuntu0.1~esm1","binary_name":"libyara3"},{"binary_version":"3.4.0+dfsg-2ubuntu0.1~esm1","binary_name":"python-yara"},{"binary_version":"3.4.0+dfsg-2ubuntu0.1~esm1","binary_name":"python3-yara"},{"binary_version":"3.4.0+dfsg-2ubuntu0.1~esm1","binary_name":"yara"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8080-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[]}}},{"package":{"name":"yara","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/yara?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.1-1ubuntu2+esm1"}]}],"versions":["3.6.3+dfsg-1ubuntu1","3.7.1-1ubuntu1","3.7.1-1ubuntu2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"3.7.1-1ubuntu2+esm1","binary_name":"libyara3"},{"binary_version":"3.7.1-1ubuntu2+esm1","binary_name":"yara"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8080-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-12034"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-12035"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-19974"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-19975"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2018-19976"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-45429"}]}}},{"package":{"name":"yara","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/yara?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.0-1ubuntu0.1~esm1"}]}],"versions":["3.9.0-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"3.9.0-1ubuntu0.1~esm1","binary_name":"libyara3"},{"binary_version":"3.9.0-1ubuntu0.1~esm1","binary_name":"yara"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8080-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2019-19648"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-3402"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-45429"}]}}}],"schema_version":"1.7.5"}