Integer overflow in libyara/modules/macho/macho.c in yara v4.0.2 and earlier could allow an attacker to cause either denial of service or information disclosure via a malicious Mach-O file.
Acknowledgments: Name: Luis Merino (X41 D-SEC GmbH)
Created yara tracking bugs for this issue:
Affects: epel-all [bug 1930177]
Affects: fedora-all [bug 1930176]
External References:
https://www.openwall.com/lists/oss-security/2021/01/29/2
https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.