Add an example of rule preventing CVE-2021-4034

exein-io · Dec 20, 2023 · 9ce9e25 · 9ce9e25
1 parent a158059
commit 9ce9e25
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/rules/basic-rules.yaml b/rules/basic-rules.yaml
@@ -107,3 +107,9 @@
 - name: Executable deleted itself
   type: FileDeleted
   condition: payload.filename == header.image
+
+
+# Rules preventing known vulnerabilities
+- name: CVE-2021-4034, possible envp manipulation with empty argv
+  type: Exec
+  condition: payload.argc == 0