Sneed-Reactivity/yara-Neo23x0/expl_libcue_cve_2023_43641.yar

18 lines
577 B
Text
Raw Permalink Normal View History

rule SUSP_EXPL_LIBCUE_CVE_2023_43641_Oct23_1 {
meta:
author = "Florian Roth"
description = "Detects a suspicious .cue file that could be an exploitation attempt of libcue vulnerability CVE-2023-43641"
reference = "https://github.com/github/securitylab/blob/main/SecurityExploits/libcue/track_set_index_CVE-2023-43641/README.md"
date = "2023-10-27"
score = 70
id = "34fcf80c-adcd-55c0-9fb4-261d20f61fa6"
strings:
$a1 = "TRACK "
$a2 = "FILE "
$s1 = "INDEX 4294"
condition:
filesize < 100KB and all of them
}