CVE-2017-9465

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-9465
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9465.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9465
Downstream
Published
2017-06-06T21:29:00.453Z
Modified
2025-11-20T10:21:08.489004Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

The yrarenawritedata function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yrrefastexec function in libyara/re.c and the yrscanmatchcallback function in libyara/scan.c.

References

Affected packages

Git / github.com/virustotal/yara

Affected ranges

Type
GIT
Repo
https://github.com/virustotal/yara
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
992480c30f75943e9cd6245bb2015c7737f9b661

Affected versions

v2.*

v2.0.0
v2.1.0

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.6.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-9465-1fffc0bc",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "252996570414779086210087909001158397802",
                "261181511046233318281731376336113655141",
                "185667405258648800816523469620654116272"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661",
        "target": {
            "file": "libyara/scan.c"
        }
    },
    {
        "id": "CVE-2017-9465-28e62c69",
        "signature_version": "v1",
        "digest": {
            "function_hash": "190220911575372943830684449426476716685",
            "length": 1543.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661",
        "target": {
            "file": "libyara/scan.c",
            "function": "_yr_scan_match_callback"
        }
    },
    {
        "id": "CVE-2017-9465-3eae38c7",
        "signature_version": "v1",
        "digest": {
            "function_hash": "218722524166379495420155728076727896018",
            "length": 2080.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661",
        "target": {
            "file": "libyara/re.c",
            "function": "yr_re_fast_exec"
        }
    },
    {
        "id": "CVE-2017-9465-8bf4ddcd",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "65748931783295745936784776389354996336",
                "246851929234363948597532778460422286229",
                "260828838973996272821542977455737067581",
                "113800155931700414934196972369092325044",
                "256514620458886774406778854107372161521",
                "209393066111306728356378236144028102631",
                "202636849054021355813057677063838077607",
                "243961396931324914856459043778367457788",
                "130967971306365082989099645444723723985",
                "328624578045068155561219552824340821315"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661",
        "target": {
            "file": "libyara/re.c"
        }
    }
]