YARA 3.5.0 libyara/lexer.l yy_get_next_buffer null pointer dereference
A vulnerability has been found in YARA 3.5.0 and classified as problematic. Affected by this vulnerability is the function
yy_get_next_buffer of the file libyara/lexer.l. The manipulation leads to null pointer dereference. The CWE definition for the vulnerability is CWE-476. The bug was discovered 12/06/2016. The weakness was shared 04/03/2017 as FEDORA-2017-11ac1e31eb (GitHub Repository). The advisory is shared at github.com.
This vulnerability is known as CVE-2016-10210. The attack can be launched remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment.
It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 118 days. We expect the 0-day to have been worth approximately $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99743 (Fedora 25 : yara (2017-11ac1e31eb)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276739 (Fedora Security Update for yara (FEDORA-2017-5c55ef46ee)).
The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability.
The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 98077) and Tenable (99743).
Do you know our Splunk app?
Download it now for free!