Skip to content

@plusvic plusvic released this Jun 26, 2020 · 59 commits to master since this release

BUGFIX: Use-after-free bug in PE module (#1287).
BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).

Assets 4

@plusvic plusvic released this May 15, 2020 · 82 commits to master since this release

  • Update sandboxed API (#1276)
  • BUGFIX: Fix regression in exports parsing in PE module (2bf67e6)
  • BUGFIX: Fix unaligned accesses in ARM (e1654ae)
Assets 4

@plusvic plusvic released this Apr 29, 2020

Assets 4
Mar 26, 2020
Mar 24, 2020
Mar 24, 2020

@plusvic plusvic released this Oct 10, 2019

  • Duplicated string modifiers are now an error.
  • More flexible “xor” modifier.
  • Implement “private” strings (#1096)
  • Add “field_offsets” to “dotnet” module.
  • Implement “crc32” functions in “hash” module.
  • Improvements to “rich_signature” functions in “pe” module.
  • Implement sandboxed API using SAPI
  • BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117)
  • BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
  • BUGFIX: Buffer overrun in “dotnet” module (#1108)
  • BUGFIX: Segfault in certain Windows versions (#1068)
  • BUGFIX: Memory leak while attaching to a process fails (#1070)
Assets 4

@plusvic plusvic released this May 2, 2019

  • Optimize integer range loops by exiting earlier when possible.
  • Cache the result of PE module’s imphash function in order to improve performance.
  • Harden virtual machine against malicious code.
  • BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053).
  • BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
  • BUGFIX: Regression bug in hex strings containing wildcards (#1025).
  • BUGFIX: Buffer overrun in “elf” module.
  • BUGFIX: Buffer overrun in “dotnet” module.
Assets 4

@plusvic plusvic released this Feb 22, 2019 · 463 commits to master since this release

  • Improve scan performance for certain strings.
  • Reduce stack usage.
  • Prevent inadvertent use of compiled rules by forcing the use of -C when using yara command-line tool.
  • BUGFIX: Buffer overflow in "dotnet" module.
  • BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
  • BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
  • BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461)
  • BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
  • BUGFIX: Issues with comments inside hex strings.

Refer to the documentation for information on how to build and install YARA.

Assets 4

@plusvic plusvic released this Aug 16, 2018 · 559 commits to master since this release

  • BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
  • BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null.
  • BUGFIX: dex module now works in big-endian architectures.
  • BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

Refer to the documentation for information on how to build and install YARA.

Assets 4
You can’t perform that action at this time.