OSV-2017-84

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/yara/OSV-2017-84.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2017-84
Published
2021-01-13T21:57:36.399042Z
Modified
2022-04-13T03:04:42.206560Z
Summary
Heap-buffer-overflow in macho_handle_segment_64_be
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4382

Crash type: Heap-buffer-overflow READ 8
Crash state:
macho_handle_segment_64_be
macho_parse_file_64_be
macho__load
References

Affected packages

OSS-Fuzz / yara

Package

Name
yara
Purl
pkg:generic/yara

Affected ranges

Type
GIT
Repo
https://github.com/VirusTotal/yara.git
Events
Introduced
0c57f0bd66a118c62e43c0a7da57a3d8134fe168
Fixed
300374fe169ee100320aee70ed9c846650be4b3b

Affected versions

v3.*

v3.7.1

Ecosystem specific 

{
    "severity": "MEDIUM",
    "introduced_range": "a43780c9071e21cfe7bab7223605db29114f20f8:ef44bab295be6f205b1f4c7aa44cb00abc66f024"
}