Heap buffer overflow in the yrobjectarraysetitem() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
{ "vanir_signatures": [ { "id": "CVE-2017-11328-34964def", "signature_type": "Function", "target": { "file": "libyara/object.c", "function": "yr_object_array_set_item" }, "digest": { "function_hash": "324705777057782691895313934710125693065", "length": 988.0 }, "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2017-11328-40ac8f76", "signature_type": "Function", "target": { "file": "tests/test-rules.c", "function": "test_modules" }, "digest": { "function_hash": "45076557500668251299605077535754881191", "length": 3315.0 }, "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2017-11328-b368e98f", "signature_type": "Line", "target": { "file": "libyara/modules/tests.c" }, "digest": { "line_hashes": [ "114913046958087037718737152000800856168", "303402493744293866833559025193350100384", "284804116677005452746888165511938534822", "281920856999173747992864627079310810405" ], "threshold": 0.9 }, "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2017-11328-d4f727c1", "signature_type": "Line", "target": { "file": "libyara/object.c" }, "digest": { "line_hashes": [ "51759771513933441557698857444080657358", "147414800417924708319395375809106822783", "267171099067606627017360805785063548730", "334385867148318352307733500909017573396", "160545568683887489416728219391902486873", "244245833980470298784494367257278772235", "236410404055015517282616548381445990746", "123748021024583038745410962062165420429" ], "threshold": 0.9 }, "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2017-11328-eabc765f", "signature_type": "Function", "target": { "file": "libyara/modules/tests.c", "function": "module_load" }, "digest": { "function_hash": "35304141080675584566892846950097265725", "length": 934.0 }, "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f", "signature_version": "v1", "deprecated": false } ] }