A vulnerability classified as problematic was found in YARA 3.5.0. This vulnerability affects the function yara_yyparse of the file libyara/grammar.y. The manipulation leads to an out-of-bounds read. Using CWE to declare the problem leads to CWE-125. The bug was discovered 01/23/2017. The weakness was shared 04/03/2017 as FEDORA-2017-11ac1e31eb (GitHub Repository). The advisory is shared for download at github.com.
This vulnerability was named CVE-2017-5923. The attack can be initiated remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment.
It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 70 days. As a 0-day, the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99743 (Fedora 25 : yara (2017-11ac1e31eb)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276651 (Fedora Security Update for yara (FEDORA-2017-11ac1e31eb)).
The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation was published 4 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 98080) and Tenable (99743).