QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9438

Published: Jun 5, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/VirusTotal/yara/issues/674

x_refsource_CONFIRM

https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7

x_refsource_CONFIRM

FEDORA-2021-f41d5fc954

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-dd62918333

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2017-9438 - Security Vulnerability | QwikSec