ALT-PU-2021-1172-1
Closed vulnerabilities
Published: 2021-10-05
Modified: 2023-11-09
BDU:2021-04875
Vulnerability in the YARA malware research and detection software, related to an integer overflow, allowing an attacker to gain access to confidential data and to cause a denial of service
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM (6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2021-05-14
Modified: 2024-11-21
CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4.
Severity: MEDIUM (6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1930175
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/
- https://www.openwall.com/lists/oss-security/2021/01/29/2
- https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/