Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
[
{
"digest": {
"function_hash": "324705777057782691895313934710125693065",
"length": 988.0
},
"id": "CVE-2017-11328-34964def",
"signature_version": "v1",
"target": {
"file": "libyara/object.c",
"function": "yr_object_array_set_item"
},
"source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"function_hash": "45076557500668251299605077535754881191",
"length": 3315.0
},
"id": "CVE-2017-11328-40ac8f76",
"signature_version": "v1",
"target": {
"file": "tests/test-rules.c",
"function": "test_modules"
},
"source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"114913046958087037718737152000800856168",
"303402493744293866833559025193350100384",
"284804116677005452746888165511938534822",
"281920856999173747992864627079310810405"
],
"threshold": 0.9
},
"id": "CVE-2017-11328-b368e98f",
"signature_version": "v1",
"target": {
"file": "libyara/modules/tests.c"
},
"source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"51759771513933441557698857444080657358",
"147414800417924708319395375809106822783",
"267171099067606627017360805785063548730",
"334385867148318352307733500909017573396",
"160545568683887489416728219391902486873",
"244245833980470298784494367257278772235",
"236410404055015517282616548381445990746",
"123748021024583038745410962062165420429"
],
"threshold": 0.9
},
"id": "CVE-2017-11328-d4f727c1",
"signature_version": "v1",
"target": {
"file": "libyara/object.c"
},
"source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"function_hash": "35304141080675584566892846950097265725",
"length": 934.0
},
"id": "CVE-2017-11328-eabc765f",
"signature_version": "v1",
"target": {
"file": "libyara/modules/tests.c",
"function": "module_load"
},
"source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
"deprecated": false,
"signature_type": "Function"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11328.json"