{"id":"CVE-2017-9465","details":"The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.","modified":"2026-03-14T09:25:38.590973Z","published":"2017-06-06T21:29:00.453Z","references":[{"type":"FIX","url":"https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661"},{"type":"EVIDENCE","url":"https://github.com/VirusTotal/yara/issues/678"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/virustotal/yara","events":[{"introduced":"0"},{"last_affected":"76cae33466f715fb3004082f00e3c06df028a1f8"},{"fixed":"992480c30f75943e9cd6245bb2015c7737f9b661"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.6.1"}]}}],"database_specific":{"vanir_signatures":[{"signature_type":"Line","id":"CVE-2017-9465-1fffc0bc","digest":{"threshold":0.9,"line_hashes":["252996570414779086210087909001158397802","261181511046233318281731376336113655141","185667405258648800816523469620654116272"]},"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_version":"v1","deprecated":false,"target":{"file":"libyara/scan.c"}},{"signature_type":"Function","id":"CVE-2017-9465-28e62c69","digest":{"length":1543,"function_hash":"190220911575372943830684449426476716685"},"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_version":"v1","deprecated":false,"target":{"file":"libyara/scan.c","function":"_yr_scan_match_callback"}},{"signature_type":"Function","id":"CVE-2017-9465-3eae38c7","digest":{"length":2080,"function_hash":"218722524166379495420155728076727896018"},"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_version":"v1","deprecated":false,"target":{"file":"libyara/re.c","function":"yr_re_fast_exec"}},{"signature_type":"Line","id":"CVE-2017-9465-8bf4ddcd","digest":{"threshold":0.9,"line_hashes":["65748931783295745936784776389354996336","246851929234363948597532778460422286229","260828838973996272821542977455737067581","113800155931700414934196972369092325044","256514620458886774406778854107372161521","209393066111306728356378236144028102631","202636849054021355813057677063838077607","243961396931324914856459043778367457788","130967971306365082989099645444723723985","328624578045068155561219552824340821315"]},"source":"https://github.com/virustotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661","signature_version":"v1","deprecated":false,"target":{"file":"libyara/re.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9465.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}