YARA 3.5.0 libyara/grammar.y yr_parser_lookup_loop_variable use after free
A vulnerability was found in YARA 3.5.0 and classified as problematic. Affected by this issue is the function
yr_parser_lookup_loop_variable of the file libyara/grammar.y. The manipulation leads to a use after free. The problem is classified as CWE-416 (Use After Free). The bug was discovered 12/06/2016. The weakness was published 04/03/2017 as FEDORA-2017-11ac1e31eb (GitHub Repository). The advisory is available at github.com.
This vulnerability is handled as CVE-2016-10211. The attack may be launched remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment.
It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 118 days. As 0-day the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99743 (Fedora 25 : yara (2017-11ac1e31eb)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276651 (Fedora Security Update for yara (FEDORA-2017-11ac1e31eb)).
The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 98078) and Tenable (99743).