Bug#861590: yara: CVE-2017-8294: denial of service via a crafted rule (yr_re_exec function)

Salvatore Bonaccorso carnil at debian.org
Mon May 1 06:55:52 UTC 2017


Source: yara
Version: 3.5.0+dfsg-9
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/VirusTotal/yara/issues/646

Hi,

the following vulnerability was published for yara.

CVE-2017-8294[0]:
| libyara/re.c in the regex component in YARA 3.5.0 allows remote
| attackers to cause a denial of service (out-of-bounds read and
| application crash) via a crafted rule that is mishandled in the
| yr_re_exec function.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8294
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8294
[1] https://github.com/VirusTotal/yara/issues/646

Please adjust the affected versions in the BTS as needed, only sid has
been checked source-code wise.

Regards,
Salvatore



More information about the forensics-devel mailing list