CVE-2021-3402
N/A
N/A
Summary
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | libyara | libyara 4.0.4 | affected |
Weaknesses
- CWE-190: CWE-190
ADP Enrichment
CVE Program Container
Additional References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
- https://bugzilla.redhat.com/show_bug.cgi?id=1930175
- https://www.openwall.com/lists/oss-security/2021/01/29/2
- https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
- https://bugzilla.redhat.com/show_bug.cgi?id=1930175
- https://www.openwall.com/lists/oss-security/2021/01/29/2
- https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.