CVE-2021-45429

A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yrsetconfiguration in yara/libyara/libyara.c, which could cause a Denial of Service.

References

https://github.com/VirusTotal/yara/issues/1616

Affected packages

Git / github.com/virustotal/yara

Affected ranges

Type

GIT

Repo

https://github.com/virustotal/yara

Events

Introduced

Last affected

b99a808cf9955090b909c72d6a0da5295c3cbc7c

Database specific

{
    "cpe": "cpe:2.3:a:virustotal:yara:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.3"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

v2.*

v2.0.0

v2.1.0

v3.*

v3.0.0

v3.1.0

v3.10.0

v3.10.0-rc1

v3.11.0

v3.2.0

v3.3.0

v3.4.0

v3.6.0

v3.7.0

v3.8.0

v3.8.1

v3.9.0

v4.*

v4.0.0

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.1

v4.0.2

v4.1.0

v4.1.0-rc1

v4.1.0-rc2

v4.1.1

v4.1.2

v4.1.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45429.json"