CVE-2021-3402

Name of the Vulnerable Software and Affected Versions YARA versions prior to 4.0.4

Description The issue is related to an integer overflow and several buffer overflow reads in the libyara/modules/macho/macho.c module of YARA. This could allow an attacker to cause denial of service or information disclosure via a malicious Mach-O file. The exploitation of this issue may enable a remote attacker to access confidential data and cause service disruption.

Recommendations For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the macho.c module until a patch is available. Avoid processing malicious or untrusted Mach-O files with affected versions of YARA to minimize the risk of exploitation.