CVE-2016-10211

HIGH7.5EPSS 0.49%

Published: 4/3/2017Modified: 4/28/2026

Also known as:DEBIAN-CVE-2016-10211

Description

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.

Affected packages (1)

Debian/yarafrom 0, < 3.5.0+dfsg-9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-10211