CVE-2017-9438
Summary
| CVE | CVE-2017-9438 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-05 17:29:00 UTC |
| Updated | 2023-11-07 02:50:00 UTC |
| Description | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Fix issue #674 for hex strings. · VirusTotal/yara@10e8bd3 · GitHub |
CONFIRM |
github.com |
Patch |
| [SECURITY] Fedora 34 Update: yara-4.1.0-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: python-yara-4.1.0-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: yara-4.1.0-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Stack overflow in _yr_re_emit() · Issue #674 · VirusTotal/yara · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch |
| [SECURITY] Fedora 33 Update: python-yara-4.1.0-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 281241 Fedora Security Update for python (FEDORA-2021-f41d5fc954)
- 281242 Fedora Security Update for python (FEDORA-2021-dd62918333)