OSV-2020-508

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/yara/OSV-2020-508.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-508

Published

2020-07-01T00:00:13.673641Z

Modified

2022-04-13T03:04:42.212292Z

Summary

Use-of-uninitialized-value in pe_rva_to_offset

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19003

Crash type: Use-of-uninitialized-value
Crash state:
pe_rva_to_offset
dotnet_parse_tilde_2
dotnet_parse_tilde

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19003

Affected packages

OSS-Fuzz / yara

Package

Name: yara
Purl: pkg:generic/yara

Affected ranges

Type: GIT
Repo: https://github.com/VirusTotal/yara.git
Events: Introduced

49a0045c841b909e2fbf9a7ad7c45c48b3aae32b

Fixed

f79be4f2330f4b89ea2f42e1c44ca998c59a0c0f

Affected versions

v3.*

v3.11.0

Ecosystem specific

{
    "severity": "MEDIUM",
    "introduced_range": "4df40fca364a8fdf29b2f84b2abac26cd16ca75f:4bdad16c167de43c407c330b2714cc5d98e04491",
    "fixed_range": "1e403e9259a1abedf108ab86f711ba52c907226d:f79be4f2330f4b89ea2f42e1c44ca998c59a0c0f"
}