CVE-2017-9438 - OpenCVE

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Virustotal	Yara

Configuration 1 [-]

cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7	Patch
https://github.com/VirusTotal/yara/issues/674	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-05T17:00:00

Updated: 2021-05-06T13:07:37

Reserved: 2017-06-05T00:00:00

Link: CVE-2017-9438

JSON object: View

NVD Information

Status : Modified

Published: 2017-06-05T17:29:00.183

Modified: 2023-11-07T02:50:46.323

Link: CVE-2017-9438

JSON object: View

Redhat Information

No data.

CWE

CWE-674

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-06T13:07:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/VirusTotal/yara/issues/674"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"}, {"name": "FEDORA-2021-f41d5fc954", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"}, {"name": "FEDORA-2021-dd62918333", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9438", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/VirusTotal/yara/issues/674", "refsource": "CONFIRM", "url": "https://github.com/VirusTotal/yara/issues/674"}, {"name": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7", "refsource": "CONFIRM", "url": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"}, {"name": "FEDORA-2021-f41d5fc954", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"}, {"name": "FEDORA-2021-dd62918333", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9438", "datePublished": "2017-06-05T17:00:00", "dateReserved": "2017-06-05T00:00:00", "dateUpdated": "2021-05-06T13:07:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0254F781-4B89-4557-8F17-1F228A3A8216", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304."}, {"lang": "es", "value": "En el archivo libyara/re.c en el m\u00f3dulo regexp en YARA versi\u00f3n 3.5.0, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de pila) por medio de una regla especialmente dise\u00f1ada (involucrando a cadenas hexadecimales) que se maneja inapropiadamente en la funci\u00f3n _yr_re_emit, una vulnerabilidad diferente que CVE- 2017-9304."}], "id": "CVE-2017-9438", "lastModified": "2023-11-07T02:50:46.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-05T17:29:00.183", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/VirusTotal/yara/issues/674"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}