CVE-2017-5923

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5923
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5923.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-5923
Downstream
Published
2017-04-03T05:59:00Z
Modified
2025-10-14T16:12:43.269045Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

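libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. The fault is reached while a rule is being parsed, so the exposure is in deployments that compile YARA rules from untrusted sources. The tagged versions listed below stop at v3.4.0 and omit the 3.5.0 release named here, and the Fixed event shows no value on this page, so check a deployment against the commit cited as the source of the Vanir signatures (ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636, presumably the fixing change; confirm upstream) rather than against the version list alone.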

References

Affected packages

Git / github.com/virustotal/yara

Affected ranges

Type
GIT
Repo
https://github.com/virustotal/yara
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.0.0
v2.1.0

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "libyara/grammar.c",
                "function": "yyparse"
            },
            "deprecated": false,
            "digest": {
                "length": 46746.0,
                "function_hash": "255817588264694491270603386259301270595"
            },
            "id": "CVE-2017-5923-a3b3f538",
            "source": "https://github.com/virustotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "libyara/grammar.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "3238433294361946192542944747884565709",
                    "118103087538679555866078553999066289761",
                    "304389595400019637900851322332716759395",
                    "250908590778467786071021435475134802421",
                    "288873297850163886133740265395174914446",
                    "138569556846708252071580360696395556519",
                    "250627320508112384312182592625845558985",
                    "302388238227377570441348976884367158745",
                    "301745503152191876322184303314554392538",
                    "218877624069360544430035802991982871051",
                    "283964867375043813636038250528553147372",
                    "10246620642217959627989631040304863399",
                    "140826123429098326713815868999072207602",
                    "86375847817122990923178354700517628604",
                    "314172254286582601555849339066476329755",
                    "54297033916623978603249746248255481623",
                    "50391651025221385852682350136993554097",
                    "24177997586974923094087656139879774555",
                    "34118162108899096431093918149408730924",
                    "184529972374266575809773177338381497661",
                    "252926136610850290627730645893467213115",
                    "261727999264052568974174284663119024281",
                    "157555844821964903554480040404321668080",
                    "173198744061172748435209987660689072951",
                    "55409642631214004123911759851152712208",
                    "293163730708319633088167652586321299070",
                    "7968400156881528735138152190462458836",
                    "154485645192334728994310005275034991265",
                    "14500247185332069863001460920644920009",
                    "287397024164071586881261162244290024716",
                    "7052774108089883975425363647755663990",
                    "59918301631254423481761621446445504564",
                    "144058132699061734165644862248832672048",
                    "283728511001225517746377355520703473886",
                    "227243338705144023248761018653487939934",
                    "324023137890524326920596965064148494989",
                    "19860491429389618743582839285849008192",
                    "35145808191913169231592615794021972138",
                    "45310441373411733005838908376044036853",
                    "42215103335180539438816342480305490523",
                    "303617114137345711843955897604513081456",
                    "26442710305648024954160659302903014268",
                    "311898565524163148255895614327132414644",
                    "266481207885059043726896225259877597074",
                    "64697446789373370026092453849954939325",
                    "303785261651154745049967944986351645338",
                    "319373490983607966486693419403819288626",
                    "20646060952652605444488278301258384338",
                    "229916067305059047770675949217994438166",
                    "254864424271866980413226855991817440818",
                    "220676219308923636109022147135680806841",
                    "53380783667722593365760918933399765484",
                    "88871782353701548965870236433669471542",
                    "251951701081018022608053837761757825980",
                    "70096996850664727813277715925974052076",
                    "16868815694982833155881314422336110265",
                    "332427201895077087097399017926139974006",
                    "5537056567644739130668678618016108407",
                    "337614480310193864271827699551935697573",
                    "144990593555094173163524169642523277469",
                    "201282809709662570618121919507306319450",
                    "65129513961166321300085236843041763013",
                    "144651721416902815343923329044685218369",
                    "230456031104350928263551023454269354513",
                    "265822687192791165655503098008682360840",
                    "292198741998970775905049783887688899959",
                    "90837923361706635652982640544506152208",
                    "275579164014798910508231452199999846382",
                    "117508800270711270903802710516641200110",
                    "221667493376035779158881621807639467435",
                    "272527233451541151700204678990456607490",
                    "112701896496740212199446830434699364428",
                    "97600723664187792642858056970747706925",
                    "281742385157007750465274452904216035537",
                    "110775198528275444658887880776875336315",
                    "210443853088034446477969161211940707415",
                    "30531079216887511098225296652537428421",
                    "335146975985980371097049100052792830003",
                    "212478716525005814514543201655347126520",
                    "35927571021400019217572151449890863350",
                    "113337090594997459517161059474994769433",
                    "94458081491768202109003613491730578447",
                    "28473492081341054559499689951333632320",
                    "24345429523845436952529972624263940640",
                    "279666069453369630585289901364355268817",
                    "138829523304238815029504240384586206372",
                    "29555459115847773832443852913963566892",
                    "72563608909370272072119770212636540580",
                    "243868389660942441504407835728948192079",
                    "336855802482597532228091160108315315280",
                    "59704403192335319443955497112185201544",
                    "197327503045085994935608462199121258166",
                    "126954669767821054930115115047902144180",
                    "94215759526107972129216055738690590892",
                    "164484954771315607608151407917934838681",
                    "196861664164310106016590565742634589282",
                    "148907464480989377865427994601083387325",
                    "162424165664518880994260066538323277447",
                    "14905483171759557364195719440232315340",
                    "337644570274778406358449295318947935528",
                    "296157436007045200642876513951928676257",
                    "2244778825801739315354178523775843607",
                    "60174749077590905993495884932094125312",
                    "67829344385630204412849217936116477050",
                    "177203059778769939507596336039678403193",
                    "162024010234703558175313038887044149536",
                    "41685211458537731850343866810399974774",
                    "104202505662077345906075013896564000138",
                    "182575531532813619507973429732482740977",
                    "18488748178391196364661979809715033012",
                    "282444464027507642688246182221545950862",
                    "101917520987989079297847084201210951974",
                    "265074051153141053039239342484502186304",
                    "10089435131143907148120790369276115456",
                    "54749179763841918981050680160447214474",
                    "252548547247465111416499931908751325004",
                    "135701863467899931384839488322326231978",
                    "220332093258823986335795639069174096389",
                    "82457000608431534962324397196925399971",
                    "273646315363123878209926644299331043378",
                    "90133120115044119868905685421708039991",
                    "11224440208404490845324727476329301534",
                    "149609944751228864439897102944203508584",
                    "205536909053649442177814175694781977821",
                    "125722890495752412250663792286765368101",
                    "304495442488560722095555407001533755675",
                    "309973305073448725324881509992587405304",
                    "165766385104529168363628996511804173032",
                    "281080638682796460554773615419081442598",
                    "172393709100253271852817917011124165906",
                    "10426670833484986825381604510605225737",
                    "123710813790938066851223102512680927617",
                    "130282927683222547903296301790491538651",
                    "150885827697850138488995849583943947502",
                    "311728350738517125274250134070721169468",
                    "53544780961923790577814758116940382221",
                    "159073478794046932519899014262068994835",
                    "220326523184552220447500967198855937325",
                    "43498212566261023710550075814070443814",
                    "216799818360426128784522496909112121180",
                    "284574766848023650014267473085042253573",
                    "73343658608392286834858540737766146190",
                    "71651900737483043754172282542821728763",
                    "147005193197543561185048681359885329316",
                    "144960559297531509780102912486044697787",
                    "324388666800851907675720041415147481322",
                    "4145981515297530396622670684699811500",
                    "148192178974631722462951932039244886368",
                    "271318756360258589134649128159235817088",
                    "180352947554506508355979504593229691783",
                    "157029966551865208174294471934648591322",
                    "194973547916887863084969256633383742668",
                    "334707152228158812623527886940770514907",
                    "121787327811260343805314224546708719885",
                    "114118955673494507359546485838915543477",
                    "15785656573994954782284177814624224881",
                    "6544975656736536732907357943327787251",
                    "78825619572448827216934353219528909853",
                    "197722336255968199021050632663595248788",
                    "233577491843516036054656315101011978581",
                    "310686323322095632856349590388020147778",
                    "49633692616930880626153201949051500705",
                    "37295991780186628522380736648963397047",
                    "186706567398941606246830234838609959906",
                    "239112398984179393554788911874769317195",
                    "196360836361111173425807937885708181310",
                    "256440606246759927923164695204703982137",
                    "37264971858042792878714375075988768640",
                    "141874616928380086363836248486073346664",
                    "318946671013271176286587888938457670524",
                    "96130478857340391779732319829526561166",
                    "156772249077953752645002768630633774775",
                    "316078275287144692504231385365829483372",
                    "17254915550341064467669525195141616966",
                    "89579765860355310110251277421085005178",
                    "10855270400010071877734558909388585940",
                    "258715775328278626150654124254768089981",
                    "280029802181986895778459586610330376567",
                    "136511242333506917588936231104522956501",
                    "245918134342449427499712866533846060608",
                    "106241391944067623452227741203351497901",
                    "87490349859525677538916289041654481738",
                    "246821126841315166091914974400456122001",
                    "118216701326245879969725200207607881696",
                    "75696704595733245076663385686784825575",
                    "197595841266943904055103672253236971876",
                    "175196266534707546123843432202369154133",
                    "17421744281704112199273040289027599910",
                    "316034268972882708557161675314793310699",
                    "248945589290629181891839014379283409123",
                    "221260313754996414700856017297874616777",
                    "107971242681296966301005918838779972655",
                    "225874865643486782378767427497494210264",
                    "197831548421687964048132509071418500123",
                    "299393278105808940639250039310630748222",
                    "208159956273493469493700944027765802731",
                    "79087315553915823136057884846508652672",
                    "197039636801689879341050514868015821691",
                    "251950161944060171446043682826586308205",
                    "28587345799197689476498223422349316688",
                    "294549415357557137519828897338045102400",
                    "136805946956230541700565679814499310732",
                    "281192522920191558610204841705575186846",
                    "177912686588121325041936960118947894494",
                    "63218793726195118201916613704405149042",
                    "264176836666219764788976686705426027650",
                    "66706703439883353062501893531513519133",
                    "152556222218726347314995688141059562852",
                    "236704929779740657062270221304240168680",
                    "320798804283955403993941512675659402222",
                    "89459711584788900991524278920654587732",
                    "240127026482329936518828658415911630385",
                    "236886683304415533562942673727588017967",
                    "222484629531019749932332080953588774616",
                    "84950800226059356721983045788304138323",
                    "188912587869972722714780853490092094411",
                    "37664945712186520575437245459362717417",
                    "41495152498339522411538999589338374864",
                    "60124889266507933516144967451064476503",
                    "82649641573553693769978959363016635766",
                    "100464907831061705471192841004789527384",
                    "321055996447369381423735573365219285368",
                    "220067286464241628797810548818919682626",
                    "333604123600064341669347520241509546318",
                    "259539164247046698500794343549799106695",
                    "86539596046490866916207929584575849467",
                    "261904970657501970337122459760026100261",
                    "146881689522505355035898101862054863267",
                    "191943162987055658764236291456942345348",
                    "98263558863625125960907874177429556061",
                    "333795754911150947945269507776412781909",
                    "1874052540102939959482455334586735172",
                    "130248297215874937686039437379244770925",
                    "290388934503103010712319521181693564114",
                    "314247618333668580880458386730212339485",
                    "7629607511961152780550185151434502301",
                    "183058129974595488501843000962705470540",
                    "92621313023978554058779507299326009863",
                    "59018961509660327761077372376734853327",
                    "118422189175092954032953344313861313314",
                    "110428558833499232044663960097474006690",
                    "238988238893444615923797552652313499002",
                    "324355090405378453444770751517643791934",
                    "28042881540538370757273721393080917355",
                    "168421640607865184741431978379351903066",
                    "184727559858622843033297624680713175878",
                    "159919259110349006722321705953309525853",
                    "313477085843278003486922708118748484635",
                    "24728267532779222599934140439388028408",
                    "111165418654615351887032367664870894149",
                    "201681551053696557396729779447556640824",
                    "99096146161675371472010289554563741142",
                    "165802049895215461318192971944935001876",
                    "51932513683479315115883350438658234007",
                    "293980308448122784316621658407443329979",
                    "184008312023198905152698571807322853821",
                    "178774791730237817816241297260559541374",
                    "269949027464907943954858881434715132597",
                    "200798372892224067925408238154728632865",
                    "3283106355016673896826894136645696001",
                    "32873105474472437547934571980199096053",
                    "127432334687156900624543637300836739967",
                    "301595077969666259145301708156314565124",
                    "131280382808306298122892234903194117326",
                    "72292831122678798353335912570477577588",
                    "158636120676924763284699552470834279918",
                    "67877609626413016907834808782669306818",
                    "178090109129601892585201198562011148072",
                    "269692533177084541599693354079738555733",
                    "176190224462150771289413938540415223684",
                    "233020824783184912881660465102804303151",
                    "160194136487965026804678647902148390086",
                    "70234277844094768893080269971230923724",
                    "296370526238417674332294527672818921943",
                    "322205813716859391034109740949452619682",
                    "31410841115825593588578539089543672493",
                    "127145727102586503240610504260339603180",
                    "316303922480982276642176004702747909131",
                    "70126565478419333183819444523046828301",
                    "43313444609618430646307322133590241985",
                    "99123015354967954774863349995729170228",
                    "186812615300877720238735486497740255053",
                    "112827467129795267162705975826961422231",
                    "3226151737777028805946756124211622091",
                    "244293980416663474349176240385209594660",
                    "59563429816881422428677986503903619832",
                    "43537969167559848974144330097717205938",
                    "193818620518685453100662354658184603083",
                    "300331419205904448829042282734712055990",
                    "114280987826866321489882795988490435131",
                    "75271782766897492866522162015309609453",
                    "14475964401649785525549086651537252473",
                    "312169966715787485806647488146391943752",
                    "20689579294527789442104484098204782248",
                    "122680987935409117621888673752096412761",
                    "11227666882956692506403251541467084911",
                    "88848321281718029040248737627685055020",
                    "197158205835448930352909021679108293164",
                    "114280987826866321489882795988490435131",
                    "75271782766897492866522162015309609453",
                    "316451887630683727405983508733978341479",
                    "244662196721916558890085603528526564605",
                    "25086638140505005164722259276719911982",
                    "318341097083568064065769637408639719241",
                    "182439771858087126587786701713637372326",
                    "114795980056328881067813151975311185347",
                    "194895544581825820058424958169217364919",
                    "108078340343678220965180287646012179760",
                    "169739557453998779035803440463339962819",
                    "116131463760304718531594218245898236945",
                    "131465571412587676496470555617633499806",
                    "39231737441406455350850072361343408476",
                    "207597535333289566422066268508798511296",
                    "142953333433798738498113574910070721994",
                    "320021459724248882674618913968597744092",
                    "192845009083291299837315449015010324085",
                    "287926205973566440082757239249651000012",
                    "22064129815189585834548732968098427194",
                    "219274548291080886390143281939774155939",
                    "255248811304320978833269999324825698052",
                    "237405256348043666610368235601399966651",
                    "41213615939871671022844159446424413136",
                    "274199128383337391864215785924771150611",
                    "54363088287120988578451095010154497700",
                    "89789567189654706866868076387713237390",
                    "26523539554421623556799555604710670627",
                    "156146530106410926850008137035267402370",
                    "258676624163014733589061790684371725941",
                    "292602876234697453641705121267108084759",
                    "34011712080494120566171866950186595957",
                    "57990615018453986365433717280004021031",
                    "335771056199223450245894854793672970843",
                    "206470024404063684856243413821970268436",
                    "9435544186231832904240657223554324150",
                    "234952899957625733726581661154035813432",
                    "162737499387363652016865846468951172014",
                    "220894120958419734952580799829935195770",
                    "263182572277870701369018187220204640204",
                    "330096035143825879265527103877903824948",
                    "154222816702669327788804111117848821941",
                    "91911490690033650510130908211340881795",
                    "287594398678674879321908429626930982957",
                    "269692175010092944758284971123134621395",
                    "220674882153494519729458992469623825670",
                    "97523557937290165651556174794139901180",
                    "312359377633799688975744853146363452448",
                    "223109533270776743164597993415214950988",
                    "338695353691145827175701269435616023808",
                    "194052258005633927340992528070434560949",
                    "203626213222027455222782834086809141371",
                    "249280659065496435001808890626764446865",
                    "224809631734328031411934636810575526549",
                    "229567677105916184795181276491387107807",
                    "130285372547270699530975638405653528856",
                    "314081510635349252705748237557716421067",
                    "5645627369513727816494886957096764645",
                    "307012956170379635349969412346211976320",
                    "217158312014420304912513021585944174840",
                    "114220662494141599482092377006874417231",
                    "175841703363398231536060106767858593895",
                    "253759513250500381530001622326833995232",
                    "43292508348179154182289411407110560577",
                    "108350896675010834057277648526726638385",
                    "42727627485210593416067044291169323121",
                    "36882938185318180259793704180418116493",
                    "75480983131427785540948299897342223098",
                    "89078356170960829151381656450414051020",
                    "96783121654958591983476506014345445726",
                    "155321055657164129561005820308449834261",
                    "141752677713516006951988148125670177886",
                    "35938563842219050790577349532615474043",
                    "339247147837795494042602340456885005172",
                    "296519456067460177399386720950401276887",
                    "34657262281536791330752868746169350266",
                    "46331690384047294985028042059363609903",
                    "285741592409865929150804697580135790719",
                    "251843794942685810299234664602202949684",
                    "188436933208803530574728565044922443996",
                    "60102947490774311771286770546443333307",
                    "79645824009518457853548206377753372870",
                    "304823202496534082559528881485660681355",
                    "109616195632562664292273255250139651619",
                    "311778012395262154509313044078561364794",
                    "330021318043942277925428135888678360480",
                    "122236312650889252547404368875742440681",
                    "295551988070745966669546186334109120946",
                    "162203593609249208878853613920026208727",
                    "157602527118009005068713151842103876819",
                    "311406244062177805655387643642304146546",
                    "334825568626683482854375481434087428833",
                    "181027521082659510790345300640967706103",
                    "45474509520695119358252287233356856264",
                    "13558849144000652888234628903978217549",
                    "157847678659269310737660678043997097172",
                    "69786521681587968538423691628747981231",
                    "58854600884925182395781553949685054918",
                    "15968130066051595055206560358887516127",
                    "207674268223930428630560954316757510127",
                    "28929837908602569372002492081724807702",
                    "42776318599811832752756039826543429387",
                    "269410709196324774147226456142836728271",
                    "16234523619256863090763742889752505495",
                    "152412389330795470850414688702835229193",
                    "135688543493404418100080136624017314113",
                    "59351846148010756491621438427579652368",
                    "101953945449631174825345239513532896758",
                    "256175995167676402924962837078425132213",
                    "95932976264386194051904150014986407541",
                    "31202003794758361372029152801030840500",
                    "271933690690961296961060190786850534392",
                    "184824983700084670446435169651080488055",
                    "80446359474632504979989605829722453178",
                    "209082166551881823027853420507712422302",
                    "113455957574087434997292106233850119547",
                    "83474055268755780687085774348391816007",
                    "208220826510502999230542555954187564299",
                    "12593459754058238941498645081622145361",
                    "233557978076619412984391510372154861880",
                    "231457653692384315465664961475168188109",
                    "47563882251547848931042039928708881603",
                    "70435105595219149798140710580754454640",
                    "154338798799417368700144679335922862410",
                    "266159943270252152961756603877699303683",
                    "299970122601400089515281267354110154871",
                    "220704547509496324405883732477051990972",
                    "328944144093606446786403994940515135127",
                    "320151566071982210349055317498554831482",
                    "150332943222082307629009678166867030620",
                    "314134269673995136928145059786446081604",
                    "189913631176531247599718705157525814563",
                    "146294289761624273401087454370852244116",
                    "47173810422106667496025478806152997282",
                    "173449964190922303708951115509794300848",
                    "244884837394616730887095448752155663827",
                    "288195798355301742676528012370418902179",
                    "41191066532457461446962840603119868038",
                    "323317737995236577201486847187217345709",
                    "69056085768062261797509222868716851705",
                    "149290424498146479065136765493963153779",
                    "36529189803012285625039793918577625567",
                    "226284538487283907701642307697306386829",
                    "112018679456607052524941300398012943271",
                    "1080900811761310390745622982510758469",
                    "206205333433446310986356021977780074459",
                    "177527390541177182767535875712483266508",
                    "253015105619112375482835023399311908621",
                    "216229046402746445431252255526038998177",
                    "77073431430256685517149924479676215424",
                    "87341893485624373705038589379371893139",
                    "41158774061254845045117392956010591706",
                    "119418632301450686362986691636267813283",
                    "328528027842233713175296647209610156016",
                    "72774654483320540527693884523903907007",
                    "226188386251267165134782349410958443235",
                    "98938058334608281126520267561987949334",
                    "277694813227757967371112388591291261004",
                    "65132615115632321317263190183408020789",
                    "223958434112331114475023327143375297968",
                    "78106220741068780303079822819391603718",
                    "30948005720150524400655400551352161441",
                    "302855809849687243117889044531100765544",
                    "185829081646307239887690934255140178947",
                    "113260077537680729395353485342008977253",
                    "142560129366216518010063803812391820546",
                    "101672105744780894260307481036505363634",
                    "331253190744678888071690988440736495773",
                    "212850181058635923499859526997633971942",
                    "94599329242176730874861881929096577776",
                    "335231356964956379742310084724440488784",
                    "174097193276199645383218099769014824893",
                    "273320705011167504025764056900871016807",
                    "337682961082720902377098575459221142250",
                    "101033039265651762526034657891448890380",
                    "186510134248527846007436484801555883513",
                    "163782392019555003519010416552653007124",
                    "189812377887852164853211486602611928673",
                    "178059568451716793288117086258261109534",
                    "228735590964653204095398387623946549815",
                    "165214898441696700236221805920376034720",
                    "148517807485753081864884961395867328462",
                    "283058649098439505627320170102123528638",
                    "267404395902012686873267480530288560591",
                    "17235327449990054096068504012926734916",
                    "186061108156686844111025501114882251286",
                    "92323159610889925279391807434984268751",
                    "135771753030354563486494726570708390852",
                    "33485446304210484650175818671502349084",
                    "176912338388272352573414248789654981069",
                    "46959063315821326406738344869231079763",
                    "177908712475950657545845633822347002035",
                    "78427057698349966796675533800223175544",
                    "260863412950095336523213783438821508667",
                    "122332900760413171200570896015072843393",
                    "160833520137719176202778555585315935914",
                    "226286958077579274916896562697518069961",
                    "206618948884312714603312271439730234685",
                    "163290545162342692903349211218206168940",
                    "225659884749368866677783312514291434478",
                    "106436468948711281661354297935929371866",
                    "187568533372145921704576848119102083381",
                    "232788534100041886924411501001394338996",
                    "104894800637793375366094682251463890285",
                    "40282061071414694123133737297012245622"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2017-5923-adc57485",
            "source": "https://github.com/virustotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636"
        }
    ]
}