Medium severity5.5NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-11328

Description

Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.

Affected products

Virustotal/Yara10 versions
cpe:2.3:a:virustotal:yara:3.0.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:virustotal:yara:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:virustotal:yara:3.6.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3fnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000