Published: 03/04/2017 Updated: 02/05/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

libyara/grammar.y in YARA 3.5.0 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.

Vulnerable Product

virustotal yara 3.5.0

Vendor Advisories

Debian Bug report logs - #859821 CVE-2017-5923 CVE-2017-5924 CVE-2016-10210 CVE-2016-10211
Package: src:yara; Maintainer for src:yara is Debian Security Tools <team+pkg-security@tracker.debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 7 Apr 2017 16:21:19 UTC
Severity: important
Tags: security ...