mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-07 17:36:58 +02:00
0xMarcio
729 B
729 B
CVE-2018-19975
Description
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
POC
Reference
- https://bnbdr.github.io/posts/extracheese/
- https://github.com/VirusTotal/yara/issues/999
- https://github.com/bnbdr/swisscheese/