YARA v4.5.0

@plusvic plusvic released this 13 Feb 11:40
· 78 commits to master since this release
  • Unreferenced strings are allowed if their identifier starts with _ (#1941)
  • New command-line option --disable-console-logs for disabling the output of the console module (#1915)
  • New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880).
  • Improve performance by avoiding the execution of rule conditions that can't match (#1927)
  • Add callback message CALLBACK_MSG_TOO_SLOW_SCANNING for notifying about slow rules (#1921).
  • Expose function RVA in pe.export_details (#1882).
  • BUGFIX: Fix issues in the computation of imphash in pe module (#1944). Credits to the NSHC ThreatRecon team!
  • BUGFIX: Fix multiple out-of-bound memory reads in dex module (#1949, #1951).
  • BUGFIX: Fix memory alignment issues (#1930).
  • BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (#1933).
  • BUGFIX: Some rules not matching when --fast-scan is used (4de3d57)
  • BUGFIX: Properly list memory regions while scanning processes in Mac OS. (#2033)
  • BUGFIX: RFC5652 countersignatures are now correctly parsed in pe module (#2034)
  • BUGFIX: Fix potential DoS due to crashes in authenticode parser with malformed files (#2034) CVE-2024-26364. Credits to Bahaa Naamneh!
  • BUGFIX: Fix SIGSEGV in magic module when libmagic returns null pointer (3342aa0)
  • BUGFIX: Prevent infinite recursion while following symlinks (923368e)

Thanks to: @mgoffin, @wxsBSD, @cblichmann, @secDre4mer, @vthib, @regeciovad, @kylereedmsft, @TommYDeeee, @humpalum, @metthal