PT-2017-11927 · Yara · Yara
Jurriaan Bremer
·
Published
2017-07-14
·
Updated
2026-03-09
·
CVE-2017-11328
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
YARA versions 3.x
Description
A heap buffer overflow issue exists in the yr object array set item() function, located in object.c, which can be triggered by scanning a maliciously crafted .NET file, leading to a denial-of-service attack.
Recommendations
For YARA version 3.x, update to a version that includes a fix for the heap buffer overflow issue in the yr object array set item() function.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yara