Use-after-free in YARA

#VU38995 Use-after-free in YARA

Published: 2017-05-15 | Updated: 2021-01-26

Vulnerability identifier: #VU38995

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8929

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
YARA
Server applications / Server solutions for antivurus protection

Vendor: VirusTotal

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a crafted rule. A remote attackers can cause a denial of service (use-after-free and application crash).

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

YARA: 3.5.0

External links
http://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
http://github.com/VirusTotal/yara/issues/658

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in VirusTotal YARA