Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. https://github.com/VirusTotal/yara/issues/1945
As per upstream discussion, this is not a security issue or even a normal issue; untrusted yara rules are not supported by its design. See https://github.com/VirusTotal/yara/issues/1948 and https://github.com/VirusTotal/yara/issues/891
Created yara tracking bugs for this issue: Affects: epel-all [bug 2235772] Affects: fedora-all [bug 2235773]
The Insights Malware app only supports running the rules file we provide to the customer. We ensure the rules file we provide is run without failure by yara and is not corrupted. We can't do much about customers choosing to run their own rules files and crashing yara if the rules file they provide is corrupt. That is not supported by the malware app. It also seems that the Yara maintainers themselves see this as a problem they are willing to accept and won't be fixing. The upstream issue mentioned in the first comment - https://github.com/VirusTotal/yara/issues/1945 - has been closed as essentially WONTFIX. As a result, I'm going to close the bugzilla as WONTFIX as well.