{"id":"CVE-2017-11328","details":"Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.","modified":"2026-04-11T03:56:50.219512Z","published":"2017-07-17T13:18:20.173Z","references":[{"type":"ADVISORY","url":"https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/virustotal/yara","events":[{"introduced":"0"},{"last_affected":"8e851260c31a678b89034d084c318bc12b67f7df"},{"introduced":"0"},{"last_affected":"3462b7f16a08064d9fe3abb7003cf852267bc00a"},{"introduced":"0"},{"last_affected":"344d27aec8dfa2ee9fc118365d5bb8cbb9a1c619"},{"introduced":"0"},{"last_affected":"83d531cb13cf5fd7f1658994dcee3abb1be0aec2"},{"introduced":"0"},{"last_affected":"040db952d484dea406ed7d4e622f7b8ba9b683cb"},{"introduced":"0"},{"last_affected":"c8571453e39913267e7042096d03bee040409b9a"},{"introduced":"0"},{"last_affected":"0dfe1e8fa2db7cbcef01d398943ec7730071ba84"},{"introduced":"0"},{"last_affected":"76cae33466f715fb3004082f00e3c06df028a1f8"},{"introduced":"0"},{"last_affected":"1f519c7affff585df7cfd9243428005791fe9fc3"},{"introduced":"0"},{"last_affected":"06589f77ecfc6554f3a419255fe910ae3c503399"},{"fixed":"4a342f01e5439b9bb901aff1c6c23c536baeeb3f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.0"},{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"3.2.0"},{"introduced":"0"},{"last_affected":"3.3.0"},{"introduced":"0"},{"last_affected":"3.4.0"},{"introduced":"0"},{"last_affected":"3.5.0"},{"introduced":"0"},{"last_affected":"3.6.0"},{"introduced":"0"},{"last_affected":"3.6.1"},{"introduced":"0"},{"last_affected":"3.6.2"},{"introduced":"0"},{"last_affected":"3.6.3"}]}}],"versions":["v2.0.0","v2.1.0","v3.0.0","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.5.0","v3.6.0","v3.6.1","v3.6.2","v3.6.3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:56:50Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11328.json","vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"324705777057782691895313934710125693065","length":988},"target":{"function":"yr_object_array_set_item","file":"libyara/object.c"},"source":"https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f","deprecated":false,"signature_type":"Function","id":"CVE-2017-11328-34964def"},{"signature_version":"v1","digest":{"function_hash":"45076557500668251299605077535754881191","length":3315},"target":{"function":"test_modules","file":"tests/test-rules.c"},"source":"https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f","deprecated":false,"signature_type":"Function","id":"CVE-2017-11328-40ac8f76"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["114913046958087037718737152000800856168","303402493744293866833559025193350100384","284804116677005452746888165511938534822","281920856999173747992864627079310810405"]},"target":{"file":"libyara/modules/tests.c"},"source":"https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f","deprecated":false,"signature_type":"Line","id":"CVE-2017-11328-b368e98f"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["51759771513933441557698857444080657358","147414800417924708319395375809106822783","267171099067606627017360805785063548730","334385867148318352307733500909017573396","160545568683887489416728219391902486873","244245833980470298784494367257278772235","236410404055015517282616548381445990746","123748021024583038745410962062165420429"]},"target":{"file":"libyara/object.c"},"source":"https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f","deprecated":false,"signature_type":"Line","id":"CVE-2017-11328-d4f727c1"},{"signature_version":"v1","digest":{"function_hash":"35304141080675584566892846950097265725","length":934},"target":{"function":"module_load","file":"libyara/modules/tests.c"},"source":"https://github.com/virustotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f","deprecated":false,"signature_type":"Function","id":"CVE-2017-11328-eabc765f"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}