Library yara has vulnerability CVE-2021-45429

Question

Library yara has vulnerability CVE-2021-45429

Opened this issue 4 months ago · 1 comments

https://nvd.nist.gov/vuln/detail/CVE-2021-45429

A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.

Answer 1 · 2024-02-23T14:08:21.000Z

I think this is an error in the NVD database. I can see that they are marking the affected versions from 4.2.0 up to 4.3.2, but the fix has been present since 4.2.0-rc1 (VirusTotal/yara@a36b497).

We also did already handle this in the past: #7861