SB2018080808 - Multiple vulnerabilities in YARA




Published: August 8, 2018

Security Bulletin ID: SB2018080808
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-12034)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the yr_execute_code function, defined in the source code file libyara/exec.c, due to an out-of-bounds read. A remote attacker can trick the victim into accessing a YARA rule that submits malicious input, trigger memory corruption and gain access to potentially sensitive information.


2) Out-of-bounds write (CVE-ID: CVE-2018-12035)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the yr_execute_code function, defined in the source code file libyara/exec.c, due to an out-of-bounds write. A remote attacker can trick the victim into accessing a YARA rule that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Install the update from the vendor's website.