CVE-2017-9438

Beschreibung:
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

CWE: CWE-674

CVSS-Bewertung
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.0)

Links:

NVD – CVE-2017-9438
CVE – CVE-2017-9438

Link (max. 20) Quelle Tags
https://github.com/VirusTotal/yara/issues/674 CONFIRM Issue Tracking Patch Vendor Advisory
https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7 CONFIRM Patch VDB Entry
FEDORA-2021-f41d5fc954 FEDORA Third Party Advisory VDB Entry
FEDORA-2021-dd62918333 FEDORA Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM Patch Third Party Advisory
GLSA-201710-32 GENTOO Third Party Advisory
DSA-3896 DEBIAN Third Party Advisory
https://support.apple.com/HT208221 CONFIRM Third Party Advisory
RHSA-2017:3195 REDHAT Third Party Advisory
RHSA-2017:3194 REDHAT Third Party Advisory
RHSA-2017:3193 REDHAT Third Party Advisory
RHSA-2017:3477 REDHAT Third Party Advisory
RHSA-2017:3476 REDHAT Third Party Advisory
RHSA-2017:3475 REDHAT Third Party Advisory
RHSA-2017:2483 REDHAT Third Party Advisory
RHSA-2017:2479 REDHAT Third Party Advisory
RHSA-2017:2478 REDHAT Third Party Advisory
https://security.netapp.com/advisory/ntap-20180601-0002/ CONFIRM Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us CONFIRM Third Party Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] – in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html MLIST Mailing List Vendor Advisory

Quelle: NVD – CVE-2017-9438
Datum Veröffentlichung: 2017-06-05T17:29Z, Datum letzte Änderung: 2021-05-06T14:15Z