An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to cause either denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1930175 | Issue Tracking, Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/ | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/ | |
| https://www.openwall.com/lists/oss-security/2021/01/29/2 | Exploit, Mailing List, Third Party Advisory |
| https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/ | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-05-14T20:05:25
Updated: 2021-05-14T20:05:50
Reserved: 2021-02-08T00:00:00
Link: CVE-2021-3402
NVD Information
Status: Modified
Published: 2021-05-14T21:15:07.537
Modified: 2023-11-07T03:37:58.917
Link: CVE-2021-3402
Redhat Information
No data.
CWE