Описание
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| yara | fixed | 4.0.4-1 | package | |
| yara | no-dsa | buster | package | |
| yara | postponed | stretch | package |
Примечания
https://www.openwall.com/lists/oss-security/2021/01/29/2
https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
EPSS
Связанные уязвимости
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
Уязвимость программного обеспечения для исследования и обнаружения вредоносных программ YARA, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
EPSS