CVE-2017-9465

Name of the Vulnerable Software and Affected Versions YARA version 3.6.1

Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file. This is due to the mishandling of the file in the yr re fast exec function in libyara/re.c and the yr scan match callback function in libyara/scan.c, which can lead to a buffer over-read and application crash.

Recommendations For YARA version 3.6.1, consider restricting the use of the yr arena write data function until a patch is available. As a temporary workaround, avoid using crafted files that may trigger the buffer over-read and application crash. At the moment, there is no information about a newer version that contains a fix for this issue.