CVE-2017-9465

Published: 06/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

The yr_arena_write_data function in YARA 3.6.1 allows remote malicious users to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.

Vulnerable Product

virustotal yara 3.6.1

Vendor Advisories

Debian Bug report logs - #864517 CVE-2017-9465 Package: src:yara; Maintainer for src:yara is Debian Security Tools <team+pkg-security@tracker.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 9 Jun 2017 19:27:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Merged wit ...