Vulnerability Details CVE-2017-11328
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
Products affected by CVE-2017-11328
-
cpe:2.3:a:virustotal:yara:3.0.0
-
cpe:2.3:a:virustotal:yara:3.1.0
-
cpe:2.3:a:virustotal:yara:3.2.0
-
cpe:2.3:a:virustotal:yara:3.3.0
-
cpe:2.3:a:virustotal:yara:3.4.0
-
cpe:2.3:a:virustotal:yara:3.5.0
-
cpe:2.3:a:virustotal:yara:3.6.0
-
cpe:2.3:a:virustotal:yara:3.6.1
-
cpe:2.3:a:virustotal:yara:3.6.2
-
cpe:2.3:a:virustotal:yara:3.6.3