Candidate: CVE-2018-12035
PublicDate: 2018-06-15 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12035
 https://github.com/VirusTotal/yara/issues/891
 https://bnbdr.github.io/posts/swisscheese/
 https://github.com/bnbdr/swisscheese
Description:
 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_yara:
upstream_yara: released (3.7.1-3)
precise/esm_yara: DNE
trusty_yara: ignored (reached end-of-life)
trusty/esm_yara: DNE (trusty was needs-triage)
xenial_yara: ignored (end of standard support, was needs-triage)
artful_yara: ignored (reached end-of-life)
bionic_yara: needs-triage
cosmic_yara: not-affected (3.7.1-3)
disco_yara: not-affected (3.7.1-3)
eoan_yara: not-affected (3.7.1-3)
focal_yara: not-affected (3.7.1-3)
groovy_yara: not-affected (3.7.1-3)
hirsute_yara: not-affected (3.7.1-3)
impish_yara: not-affected (3.7.1-3)
jammy_yara: not-affected (3.7.1-3)
devel_yara: not-affected (3.7.1-3)