ID CVE-2016-10211
Summary libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.
References
Vulnerable Configurations
  • cpe:2.3:a:virustotal:yara:3.5.0
CVSS
Base: 5.0 (as of 07-04-2017 - 16:11)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-2E94C7B518.NASL
    description Security fix CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 101599
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101599
    title Fedora 26 : yara (2017-2e94c7b518)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9941306740.NASL
    description Security fix CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 99744
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99744
    title Fedora 24 : yara (2017-9941306740)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-11AC1E31EB.NASL
    description Security fix CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 99743
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99743
    title Fedora 25 : yara (2017-11ac1e31eb)
refmap via4
bid 98078
confirm
Last major update 01-05-2017 - 21:59
Published 03-04-2017 - 01:59