{"id":"CVE-2017-8294","details":"libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.","modified":"2026-03-14T09:24:19.804743Z","published":"2017-04-27T14:59:00.310Z","related":["openSUSE-SU-2024:11530-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98072"},{"type":"FIX","url":"https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e"},{"type":"FIX","url":"https://github.com/VirusTotal/yara/issues/646"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/virustotal/yara","events":[{"introduced":"0"},{"last_affected":"c8571453e39913267e7042096d03bee040409b9a"},{"fixed":"83d799804648c2a0895d40a19835d9b757c6fa4e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8294.json","vanir_signatures":[{"target":{"file":"tests/test-rules.c","function":"test_re"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-078b1519","digest":{"length":11827,"function_hash":"6675730886640864820263708902328675953"}},{"target":{"file":"libyara/scan.c"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-17db7816","digest":{"line_hashes":["298678278890016177094226792384841465972","115030241433889253518193458123014473689","329308889560649217400728530026458512797","144553008709708727182860129965294085591","33508348889715872939576877659060235605","314757613728239886576175251272018315851","203652821191717897634077684506596455426","192980430375982696898103606860225765902","33508348889715872939576877659060235605","314757613728239886576175251272018315851","203652821191717897634077684506596455426","192980430375982696898103606860225765902","127858277739664915076606262077831201687","80062374424305076488952636591543206775","100732343066072604303822883868109074611","243767082347591346401845423856184963015"],"threshold":0.9}},{"target":{"file":"libyara/include/yara/re.h"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-4daf94ea","digest":{"line_hashes":["324949792560091756224163064057242897528","990241639781909245954774255435332669","240278386194186106605376045912427372554","129405104233856687665178532077183749764","263764413210481694627368840791889946042","174235008852535607116325528137993283975","58626142807329644705997517255860667771","105565019056886738521006211235579263192","196043980291925173933474761435055756966","195071231783080398217433514423522632471","329308889560649217400728530026458512797","144553008709708727182860129965294085591","242886544882867689198425636031964037381","195071231783080398217433514423522632471","329308889560649217400728530026458512797","144553008709708727182860129965294085591"],"threshold":0.9}},{"target":{"file":"libyara/exec.c"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-5bc983ea","digest":{"line_hashes":["180564530272520500841657061280812406658","200922995584183858963552054136959670898","168061866531480460254684823910370652781","111090251000905298206509196838076097638"],"threshold":0.9}},{"target":{"file":"libyara/exec.c","function":"yr_execute_code"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-96bc484e","digest":{"length":16439,"function_hash":"165468636708465699324538963672363383940"}},{"target":{"file":"libyara/re.c","function":"yr_re_exec"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-96bd0e6a","digest":{"length":453,"function_hash":"325700773811560424275481412306906264612"}},{"target":{"file":"libyara/re.c","function":"yr_re_fast_exec"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-98003b09","digest":{"length":2051,"function_hash":"4404120521763609504453440516522151956"}},{"target":{"file":"libyara/scan.c","function":"_yr_scan_verify_re_match"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-a0796555","digest":{"length":1838,"function_hash":"265961797797799156796351398842118643067"}},{"target":{"file":"libyara/re.c"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-a6faf0b0","digest":{"line_hashes":["241366568729611624624022607543917496947","324559293588523416768677789583550751772","122922926922472298041466322947265388981","533649957322013738915299173030457068","73822230118914005020770311543615119375","267864666699287602689238538541756316282","148870870899111847726785039237130289936","209466726100908626563047141659268919172","151005180672490946819730002055313426159","105859359658497366019523385213633238124","337217937618060313209329346888372268416","37344990670557435908305717466962995631","174535657706961513648427489092409908066","36559690329152894837656704777699997515","232489525937333331244503081164622122612","322191154173932016472806497002574798400","91681304792694860967171270600793554193","68097493210211348514976142997465835397","99508096745715448066323683380637843706","222526003185754935196357196136287164809","250452398146489839829183429070985844416","140153630525003331000688340470894382221","241941844351731381922610925712209783839","207162341577842318400253818010533357206","331199787879423806112989559613632894695","123987039347623281882015354539969323922","270369247435248227945771090020155204298","136192629700681405768062240853484640893","116684391864681439292654961317477755833","219702664201708272468475557382273167636","301037335226467119571012702732354811460","254609235829469923468720525880475740132","6094149510542793034466122956456286079","313812679611682147896260217852352141037","243478308062012895747573509807475634354","77306802129883414777774724013077665047","223233284889212244933693536320397889365","85040000024345694496848398617662549978","1925653159542210003455987985801292831","203917981864325181107905027008846683857","246210722743053313675899371608708253478","58783605126494420613308885907958202384","244871419703628979080711017871778113074","182647278537149965209809650945122896644","126592461572800946076905427353122963747","110952916795834918278603992630436552448","62514565655805028738559144036225859841","319136761567998098077232334373697801320","304516014916137576515973097634812987653","270943291890008906227244831202284217519","104407386398230498763482309560193485464","103124530587428009616080768515827741915","325309378010001227833882753550236167972","337282328068026804977894540569574942280","20931924149146114303411948276210413214","300834964599588132910400858127997209433","192205976304746755609406438443759636172","136772147437818869960976981098493465236","103312179413043108691204721178859460661","332283545045183256085521351369403931302","269856177471760743896289580766546510498","80580666463073115143524854730803131732","338947368611214957654629208141613964572","104134672885863993494194296993726339594","250041296964640594470259883688681747951","245372383392056323485177660471937525741","82733044043760978696377446524291757273","224726084876571947542372595037729752389","225511163003317523505822399757672260167","10872588922842629893523926310876502650","305091299493058380286184578413638178434","70276389452508131041653516212511751727","332619034012376505103646112713490166147","262468665153036193293192641175730336773","272464119822889454928326694148928200172","102598108211638039192909526500270918608","199829095667202790620946831276043160454","176944035512671495963257243521818864528","82506525885206685399255386229587881221","81536050965043434535507410334172773911","174535657706961513648427489092409908066","36559690329152894837656704777699997515","206179536687940786403570257822367295093","126869526521501282529998833147720998793","207802719318217699549539142363039891440","194637426577345688911795327200019297316"],"threshold":0.9}},{"target":{"file":"libyara/re.c","function":"yr_re_match"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-c9407ad0","digest":{"length":182,"function_hash":"161365621626890638326663483567351548484"}},{"target":{"file":"tests/test-rules.c"},"source":"https://github.com/virustotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2017-8294-d9178f17","digest":{"line_hashes":["80661261998876771924755785928395759780","184951613192694374090990382388338348325","319530050382063885941508709592605701336"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}