AIKIDO-2026-10316

github.com/virustotal/yara-x/go is vulnerable to Use After Free

Use After Free Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Mar 10, 2026

Medium Risk

This Affects:

Ecosystem: Go
Package: github.com/virustotal/yara-x/go
Affected versions: 0.0.1 - 1.12.0
Fixed in: 1.13.0

TL;DR

Affected versions of this package contain a use-after-free vulnerability in the block scanning API. The finish() method can trigger a lazy call to search_for_patterns(), which dereferences memory referenced by ScanState::ScanningBlock after that memory has already been deallocated. When blocks are scanned in a loop, each block's data is dropped before finish() is called, so the deferred pattern search reads freed memory and causes crashes or undefined behavior. The patch fixes this by resetting the scan state to Idle after each block scan and tracking the pattern_search_done flag explicitly in the host context, so finish() no longer reaches back into a block that is gone.

Who does this affect?

You are affected if your project depends on github.com/virustotal/yara-x/go at any version in the vulnerable range 0.0.1 - 1.12.0.
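To check a Go project against the range above without relying on an external scanner, the following added example (not part of the advisory or of the yara-x project) reads a go.mod file, finds the require line for github.com/virustotal/yara-x/go and compares the resolved version against the advisory's range. The module path, the range 0.0.1 - 1.12.0 and the fixed version 1.13.0 come from the advisory; the go.mod contents are constructed sample input.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module and version range as published in the advisory.
const (
	affectedModule = "github.com/virustotal/yara-x/go"
	firstAffected  = "v0.0.1"
	lastAffected   = "v1.12.0"
	fixedVersion   = "v1.13.0"
)

// Constructed go.mod used as sample input; it is not from any real project.
const sampleGoMod = `module example.com/constructed-scanner

go 1.22

require (
	github.com/virustotal/yara-x/go v1.12.0
	golang.org/x/sys v0.20.0 // indirect
)
`

// parseVersion converts a Go module version such as "v1.12.0" into its three
// numeric components. A pre-release or pseudo-version suffix ("-0.2025...-abcdef")
// is ignored so that pseudo-versions still compare on their base release number.
func parseVersion(v string) ([3]int, error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return [3]int{}, fmt.Errorf("unsupported version format %q", v)
	}
	var out [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return [3]int{}, fmt.Errorf("bad version component %q: %w", p, err)
		}
		out[i] = n
	}
	return out, nil
}

// compareVersions returns -1, 0 or 1 in the usual ordering sense.
func compareVersions(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// IsAffected reports whether version lies inside the advisory's inclusive range.
func IsAffected(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	lo, _ := parseVersion(firstAffected)
	hi, _ := parseVersion(lastAffected)
	return compareVersions(v, lo) >= 0 && compareVersions(v, hi) <= 0, nil
}

// FindModuleVersion returns the version required for module in goMod text,
// or "" if the module is not listed. Both single-line "require m v" and
// block-style require directives are handled; trailing comments are ignored.
func FindModuleVersion(goMod, module string) string {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require ")
		fields := strings.Fields(line)
		if len(fields) >= 2 && fields[0] == module {
			return fields[1]
		}
	}
	return ""
}

func main() {
	v := FindModuleVersion(sampleGoMod, affectedModule)
	if v == "" {
		fmt.Println(affectedModule, "is not a direct dependency")
		return
	}
	affected, err := IsAffected(v)
	if err != nil {
		fmt.Println("could not evaluate version:", err)
		return
	}
	if affected {
		fmt.Printf("%s %s is affected; upgrade to %s\n", affectedModule, v, fixedVersion)
	} else {
		fmt.Printf("%s %s is outside the affected range\n", affectedModule, v)
	}
}
```

go.mod only shows direct requirements; for a transitive dependency, or when a replace directive is in play, feed the output of `go list -m -json all` to the same IsAffected check instead of parsing go.mod.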

Background info

github.com/virustotal/yara-x/go is vulnerable to Use After Free in versions 0.0.1 - 1.12.0.

How to fix this

Upgrade the github.com/virustotal/yara-x/go library to version 1.13.0, the release that contains the fix.