CVE-2017-11328

Heap buffer overflow in the yrobjectarraysetitem() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.

References

https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f

Affected packages

Git / github.com/virustotal/yara

Affected ranges

Type: GIT
Repo: https://github.com/virustotal/yara
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a342f01e5439b9bb901aff1c6c23c536baeeb3f

Affected versions

v2.*

v2.0.0

v2.1.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.6.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "length": 988.0,
            "function_hash": "324705777057782691895313934710125693065"
        },
        "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
        "target": {
            "function": "yr_object_array_set_item",
            "file": "libyara/object.c"
        },
        "id": "CVE-2017-11328-34964def",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 3315.0,
            "function_hash": "45076557500668251299605077535754881191"
        },
        "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
        "target": {
            "function": "test_modules",
            "file": "tests/test-rules.c"
        },
        "id": "CVE-2017-11328-40ac8f76",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "114913046958087037718737152000800856168",
                "303402493744293866833559025193350100384",
                "284804116677005452746888165511938534822",
                "281920856999173747992864627079310810405"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
        "target": {
            "file": "libyara/modules/tests.c"
        },
        "id": "CVE-2017-11328-b368e98f",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "51759771513933441557698857444080657358",
                "147414800417924708319395375809106822783",
                "267171099067606627017360805785063548730",
                "334385867148318352307733500909017573396",
                "160545568683887489416728219391902486873",
                "244245833980470298784494367257278772235",
                "236410404055015517282616548381445990746",
                "123748021024583038745410962062165420429"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
        "target": {
            "file": "libyara/object.c"
        },
        "id": "CVE-2017-11328-d4f727c1",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 934.0,
            "function_hash": "35304141080675584566892846950097265725"
        },
        "source": "https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f",
        "target": {
            "function": "module_load",
            "file": "libyara/modules/tests.c"
        },
        "id": "CVE-2017-11328-eabc765f",
        "signature_version": "v1",
        "deprecated": false
    }
]