CVE-2019-5020

Summary

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aYara ObjectYara 3.8.1affected

Weaknesses

  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CVE Program Container

Additional References

References