PT-2017-7808 · Yara · Yara
Fumfel · Published 2017-04-03 · Updated 2026-03-09 · CVE-2016-10211
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
YARA version 3.5.0
Description
The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash. This occurs when a crafted rule is mishandled in the yr_parser_lookup_loop_variable function.
Recommendations
For YARA version 3.5.0, consider avoiding the use of crafted rules that may trigger the yr_parser_lookup_loop_variable function until a patch is available. As a temporary workaround, restrict the use of rules that could potentially cause a denial of service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use After Free
Affected Products
Yara