ID:5098 - Exploit for Out-of-bounds read in YARA
Published: January 29, 2021
Vulnerability identifier: #VU50078
Vulnerability risk: Medium
CVE-ID: N/A
CWE-ID: CWE-125
Exploitation vector: Remote access
Vulnerable software:
YARA
YARA
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the macho module in macho_parse_file(). A remote attacker can create a specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.