VDB-99245 · CVE-2017-5924 · BID 98075

YARA 3.5.0 libyara/grammar.y yr_compiler_destroy use after free

A vulnerability, which was classified as problematic, has been found in YARA 3.5.0. This issue affects the function yr_compiler_destroy of the file libyara/grammar.y. The manipulation leads to use after free. The CWE definition for the vulnerability is CWE-416. The bug was discovered 01/08/2017. The weakness was published 04/03/2017 as 7f02eca670f29c00a1d2c305e96febae6ce5d37b (GitHub Repository). The advisory is shared at github.com. The identification of this vulnerability is CVE-2017-5924. The attack may be initiated remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 85 days. We expect the 0-day to have been worth approximately $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99743 (Fedora 25 : yara (2017-11ac1e31eb)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276651 (Fedora Security Update for yara (FEDORA-2017-11ac1e31eb)). The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 98075) and Tenable (99743).

Field04/03/2017 04:58 PM11/24/2022 06:05 PM
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore4.74.7
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1491177600 (04/03/2017)1491177600 (04/03/2017)
locationGitHub RepositoryGitHub Repository
urlhttps://github.com/VirusTotal/yara/commit/7f02eca670f29c00a1d2c305e96febae6ce5d37bhttps://github.com/VirusTotal/yara/commit/7f02eca670f29c00a1d2c305e96febae6ce5d37b
confirm_urlhttps://github.com/VirusTotal/yara/commit/7f02eca670f29c00a1d2c305e96febae6ce5d37bhttps://github.com/VirusTotal/yara/commit/7f02eca670f29c00a1d2c305e96febae6ce5d37b
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
date1493424000 (04/29/2017)1493424000 (04/29/2017)
cveCVE-2017-5924CVE-2017-5924
cve_assigned1486425600 (02/07/2017)1486425600 (02/07/2017)
cve_nvd_published14911776001491177600
cve_nvd_summarylibyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
osvdb_titleCVE-2017-5924 - YARA - Use-After-Free IssueCVE-2017-5924 - YARA - Use-After-Free Issue
securityfocus9807598075
securityfocus_date1491177600 (04/03/2017)1491177600 (04/03/2017)
securityfocus_classDesign ErrorDesign Error
securityfocus_titleYARA CVE-2017-5924 Denial of Service VulnerabilityYARA CVE-2017-5924 Denial of Service Vulnerability
nessus_id9974399743
nessus_nameFedora 25 : yara (2017-11ac1e31eb)Fedora 25 : yara (2017-11ac1e31eb)
nessus_filenamefedora_2017-11ac1e31eb.naslfedora_2017-11ac1e31eb.nasl
nessus_riskMediumMedium
nessus_familyFedora Local Security ChecksFedora Local Security Checks
nessus_typelocallocal
nessus_date1493596800 (05/01/2017)1493596800 (05/01/2017)
openvas_id867773867773
openvas_filenamegb_fedora_2017_9941306740_yara_fc24.naslgb_fedora_2017_9941306740_yara_fc24.nasl
openvas_titleFedora Update for yara FEDORA-2017-9941306740Fedora Update for yara FEDORA-2017-9941306740
openvas_familyFedora Local Security ChecksFedora Local Security Checks
qualys_id276651276651
qualys_titleFedora Security Update for yara (FEDORA-2017-11ac1e31eb)Fedora Security Update for yara (FEDORA-2017-11ac1e31eb)
seealso99229 99230 99244 10063499229 99230 99244 100634
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcUCUC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcUU
reaction_days2626
0day_days8585
exposure_days2626
cvss3_nvd_basescore7.57.5
nameYARAYARA
version3.5.03.5.0
filelibyara/grammar.ylibyara/grammar.y
functionyr_compiler_destroyyr_compiler_destroy
discoverydate14838336001483833600
cwe416 (use after free)416 (use after free)
risk11
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore3.93.9
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_meta_basescore6.46.4
cvss3_meta_tempscore5.66.1
identifier7f02eca670f29c00a1d2c305e96febae6ce5d37b
patch_urlhttps://github.com/VirusTotal/yara/commit/7f02eca670f29c00a1d2c305e96febae6ce5d37b
cvss2_nvd_basescore5.0

Do you know our Splunk app?

Download it now for free!