libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
Weakness
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Yara | Virustotal | 3.5.0 (including) | 3.5.0 (including) |
| Yara | Ubuntu | artful | * |
| Yara | Ubuntu | esm-apps/xenial | * |
| Yara | Ubuntu | trusty | * |
| Yara | Ubuntu | upstream | * |
| Yara | Ubuntu | xenial | * |
| Yara | Ubuntu | yakkety | * |
| Yara | Ubuntu | zesty | * |
Potential Mitigations
Related Attack Patterns
References
- https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
- https://github.com/VirusTotal/yara/issues/674
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/
- https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
- https://github.com/VirusTotal/yara/issues/674
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/