{"id":"CVE-2017-9465","details":"The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.","modified":"2026-07-08T14:13:05.098075Z","published":"2017-06-06T21:29:00.453Z","references":[{"type":"FIX","url":"https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661"},{"type":"EVIDENCE","url":"https://github.com/VirusTotal/yara/issues/678"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/virustotal/yara","events":[{"introduced":"76cae33466f715fb3004082f00e3c06df028a1f8"},{"last_affected":"76cae33466f715fb3004082f00e3c06df028a1f8"},{"fixed":"992480c30f75943e9cd6245bb2015c7737f9b661"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"3.6.1"},{"last_affected":"3.6.1"}],"cpe":"cpe:2.3:a:virustotal:yara:3.6.1:*:*:*:*:*:*:*"}}],"versions":["3.6.1","v3.6.1"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_type":"Line","id":"CVE-2017-9465-1fffc0bc","signature_version":"v1","digest":{"line_hashes":["252996570414779086210087909001158397802","261181511046233318281731376336113655141","185667405258648800816523469620654116272"],"threshold":0.9},"target":{"file":"libyara/scan.c"}},{"deprecated":false,"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_type":"Function","id":"CVE-2017-9465-28e62c69","signature_version":"v1","digest":{"length":1543,"function_hash":"190220911575372943830684449426476716685"},"target":{"file":"libyara/scan.c","function":"_yr_scan_match_callback"}},{"deprecated":false,"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_type":"Function","id":"CVE-2017-9465-3eae38c7","signature_version":"v1","digest":{"length":2080,"function_hash":"218722524166379495420155728076727896018"},"target":{"file":"libyara/re.c","function":"yr_re_fast_exec"}},{"deprecated":false,"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_type":"Line","id":"CVE-2017-9465-8bf4ddcd","signature_version":"v1","digest":{"line_hashes":["65748931783295745936784776389354996336","246851929234363948597532778460422286229","260828838973996272821542977455737067581","113800155931700414934196972369092325044","256514620458886774406778854107372161521","209393066111306728356378236144028102631","202636849054021355813057677063838077607","243961396931324914856459043778367457788","130967971306365082989099645444723723985","328624578045068155561219552824340821315"],"threshold":0.9},"target":{"file":"libyara/re.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9465.json","vanir_signatures_modified":"2026-07-08T14:13:05Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}