This issue doesn't impact YARA significantly, but this rule crashes the Python interpeter. Any rule that contains metadata values that can be unescaped to [\x80-\xFF] can be used to crash any yara-python based system that doesn't specifically check for this. The rule compiles with no errors, but if the rule is run against anything, Python crashes. This was tested with yara-python 3.11.0 with Python 3.8 on Windows 10 and Ubuntu 16.04.1.
This issue doesn't impact YARA significantly, but this rule crashes the Python interpeter. Any rule that contains metadata values that can be unescaped to
[\x80-\xFF]
can be used to crash any yara-python based system that doesn't specifically check for this. The rule compiles with no errors, but if the rule is run against anything, Python crashes. This was tested with yara-python 3.11.0 with Python 3.8 on Windows 10 and Ubuntu 16.04.1.https://github.com/VirusTotal/yara/issues/1242