CVE-2017-5923

Опубликовано: 03 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

Ссылки

http://www.securityfocus.com/bid/98080
https://github.com/VirusTotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636
Patch
Vendor Advisory
https://github.com/VirusTotal/yara/issues/597
Exploit
Issue Tracking
Patch
http://www.securityfocus.com/bid/98080
https://github.com/VirusTotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636
Patch
Vendor Advisory
https://github.com/VirusTotal/yara/issues/597
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00787

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-5923

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2017-5923

CVSS3: 7.5

debian

почти 9 лет назад

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...

GHSA-x9r6-fxx3-q7m8

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 73%

0.00787

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125