Bug 1214753 (CVE-2023-40857)

Summary: VUL-0: CVE-2023-40857: yara: Buffer Overflow
Product: [openSUSE] openSUSE Backports
Reporter: Stoyan Manolov <stoyan.manolov>
Component: Packages
Assignee: Greg Freemyer <Greg.Freemyer>
Status: RESOLVED WONTFIX
QA Contact: E-Mail List <packagehub-bugs>
Severity: Normal
Priority: P3 - Medium
CC: security-team, stoyan.manolov
Version: SLE-15-SP5
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/376574/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Stoyan Manolov 2023-08-29 15:22:04 UTC
CVE-2023-40857

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote
attacker to execute arbitrary code via the yr_execute_cod function in the exe.c
component.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40857
https://bugzilla.redhat.com/show_bug.cgi?id=2235688
https://www.cve.org/CVERecord?id=CVE-2023-40857
https://github.com/VirusTotal/yara/issues/1945

Comment 2 Dirk Mueller 2023-09-11 06:53:05 UTC
This CVE has been disputed. See https://github.com/VirusTotal/yara/issues/1948#issuecomment-1672869957

Can we close this?