{"id":"CVE-2017-9438","details":"libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.","modified":"2026-02-24T01:11:50.159753Z","published":"2017-06-05T17:29:00.183Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"},{"type":"REPORT","url":"https://github.com/VirusTotal/yara/issues/674"},{"type":"FIX","url":"https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"},{"type":"FIX","url":"https://github.com/VirusTotal/yara/issues/674"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/virustotal/yara","events":[{"introduced":"0"},{"fixed":"10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"}]}],"versions":["v2.0.0","v2.1.0","v3.0.0","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.6.0"],"database_specific":{"vanir_signatures":[{"target":{"file":"libyara/hex_grammar.h"},"digest":{"threshold":0.9,"line_hashes":["69789237471451198108834469885647486023","269414128706850756821456749287221617632","164622608530209594471831052374669324104","42662566489296522680330358775066911084","162579039861769484586297863839311058184","190885860809011863934506244850128825665","320902841414190355912183013954522654395"]},"signature_type":"Line","id":"CVE-2017-9438-8e694978","source":"https://github.com/virustotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7","signature_version":"v1","deprecated":false},{"target":{"file":"libyara/hex_grammar.c","function":"yydestruct"},"digest":{"length":1162,"function_hash":"68813044938896408185840437171633421528"},"signature_type":"Function","id":"CVE-2017-9438-c62a44e3","source":"https://github.com/virustotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7","signature_version":"v1","deprecated":false},{"target":{"file":"libyara/hex_grammar.c"},"digest":{"threshold":0.9,"line_hashes":["192717368838832458576044572132030617958","129247200333630882484616843193064211224","300973038780496745595813719264734357454","71230126174127701102585814538858344032","12363238472737280928548636390805222442","83717787398730751176659433103443666469","175699009895949269053989379221454237509","69789237471451198108834469885647486023","269414128706850756821456749287221617632","164622608530209594471831052374669324104","205768724020805068410494174365583422852","89788756270244609102980415215643363347","13131583762010076660909353596991683670","58910401768849918580157832879162913390","78867125589460831138838817677612102131","291856943238180135095266576855426710225","266881727676361990436884014998638525497","238349005140187959571665384949081536768","136361588853020276040419421284366267375","291756886236339615825113800170087277268","154261896925637264281187103967430982304","275869502575992827401650315007941800084","325772889990944487933530965481218709405","60699839343189834271016302283348188345","110613677301600281715938228961409092276","335937530249096365915866205684964503532","284884176282966707703204269345515110782","271374533222253992737777040972854566138","56412836571287859043550873388133372673","252222607064498230455337656773379171917","67212086229024584500348938492565283247","42608148514758421146238999629078640509","23377641094620152331383795830336125849","80271207395051717056058182537057549743","278134778511897241854673621670100157867","97651002683776120810234427374703328395","272291545406612672673804424982586812667","298285662593973023475660317241391776750","53818153652468632281002243223246958754","71193227689480935057130669777136150397","284462717121361766320930958050831817756","14026146989797055531743776131596318992","281257251614624281561638799573546553032","61090108649922892720194895012421997752","124525594657320831863081578876015681755","201161364982614989410646734760963429826","163436586089757649200793995216354651403","52289988589853917387301660120344427974","219117877516790597758614275088500107211","186996769171513576875599459246467741213","62240422931435091664349462586488616686","300543664477276491961568160850189498183","83934023072733030831223897103044540051","299864787045739760566733958314691001308","2285823777435763829971241254468238915","116428202149166339076572290531543479076","125992272590249043716907008737825003537","168959412852624638624684448741945968911","130447484845427175663412636948376800564","154160086897053466584737155519300761045","25935876115644930413280740374357338044","328189462264291829508015229192641155395","93231124741314173787917843378806983038","67248411791582343210784045061804842434","300573284289823976827158330365515170904","334132997438170981781138870538404613515","160211143416533203530207189346713429223","165366588327240666721385991040024531126","15682073760038014818356600607713496718","163604913749423065954277032960052792526","78546385553917096461409441513561880971","176616967943239642866334663011839403631","329746826919669002876181633079976288512","129471586786467641602141955916555248017","339437740924147983411433366488876229787","208522284580388150305119256200933301803","141048999937043113348111413604070575369","296590598625601592594139463653986402774","181388098810534679782696578458133121967","59128221783633372012272377020500553175","8503319641066185508714596495239174086","202995209531865545618919749679304240642","74662974917963956678066474425359647768","170682689691269758182486352507349488229","320633426399844824425197093390096429328","113523601004552398571291265827642950550","38465953431809996992730034487696150722","75794400521532531191412978406560679742","253987601632784796424599353683542909487","272938490155331347348378268102032102013","230914388631632618627470539385384638372","24673125920749766574939449443688932038","278279693970547425559250493847969787722","338884083332064166637243686916970905445","273296649702924965166490578555205939520","89876052371281844402129578710882900243","246624329557458267255162364557914112296","23124276418950455020473617688913238927","177953417602936611512290585025037419053","25052991791398788520714893957224522239","163981779619213410625476310731957149246","71313046448730307794451311804850579575","279549133691415312562045303509285290091","257722554521999969247543106616400050674","238456212737086406310671695159807520433","59128221783633372012272377020500553175","169828460360696494665165251782231603308","279454235691079495215871377177271312935","234375607108145330588268692084820648882","61956300002399227280997845423739073341","169668433529551033364393562090722017266","129508625450878906425517973730191490137","233400424000367763085736968983430397220","300986013449307167870201405798130967538","131418136973880111033436188852519954924","270175233798592344586826881676623502444","61420815815823870171095607328665020579","275708030289597851932116120062982835141","165294692274835850991035921361883067146","4948983170487082437994621164084631687","184507106568392001151239075654573592234","169177453850507481180460103572143886072","219257538460082866849158976085445864086","76022807499839055653644365922521394270","259405283925568750110661607757175802510","231640086390166977630272160118190710750","120350216720735029260811973234192488315","15159249202904673467836618443232961825","124709867928182854584729822927162580249","106711561338178571417575293001328477560","170369687407829083745686108891141449340","5208726030948006968958380821880126833","257094163765512323498471257521583229068","111626369107972009295600120912552662771","33148126651329391612291146854660524647","183187330153641881379737439957152266932","107807290438997936311264975785987171439","211347564370012383417507890376779669509","254482855192252036771735224791401384636","38656366356420917893754807867785800040","227951289424363850623797218399353757455","242072072456856008010787060435147075507","314848905283104764017860817946735205607","34971831146117401276027598321621931619","122159545842595118774780934834164220801","313626555487660771357840801445938060798","65151436129522242687885682992754525284","35377986740474481055102788633341456817","18074710509092581405462383891385353624","162859252861215001907544249473410724165","204654233232133640752749654576379293692","285407611212287223808663970551502758915","170015396655824201192978763492908424670","152363698996981655178215457002468691608","271483585034752019695057006493020820975","258439163633401349233800015874623686803","280458685827953095501037235900233666635","88973182866470521452901120306731848195","106839922739880590796954460007726167097","156685828661998327904393835278027055449","227694073545517849960124355400047458082","260151104561437512141551488953824335595","238422680252249155063554242547428388569","150958487836575706301956359865162267114","296400324762856662987043068605977269429","160143021313632026242241733909657622296","256431487980795074524395963766835872582","242684694307174124712986494233499948361","211727203678133616141040677682701093253","203214339374181999745727092732633331048","166872384704156287119307915394612567223","145636589711467557909700099221665163041","203158994821286285150576510484314764221","77372607731755803254820308802002570782","298469028818041137035023023815694196702","20508115533552149320345903998824963394","303317289651024486267307983328894308305","240559188817535103131048668162254515497","189205200694523131986960115662442598041","157917838909020384497144530381927519601","166155876701133360874852784724872770285","98497654179521907078260115621197347875","232366924620689029072878092171185509275","279718219523099427821894931654258273525","224288564131787364730011843689045888683","50848306853884670714297885383588090522","165511158669871620186248512589294860832","15582042138592740735108796040878110128","15336910149392040976279288720476343654","169199387205232446143886368972024264766","330233983008854911081608030092730893436","182993488685952432600831133348237726095","7831999371745607248367024742082176713","79118904907342542045450356236332756919","283629493206435894183897382800976972106","272111933927011504885903803428809851009","328434619039525895278752463784316105660","120561423828097861650280077203029202627","41307965296779286484449615705268517390","121910125431390747191180379945437390875","279099340486248484716691877604142895944","213480402891672950876003771658168576234","80470887662490724736993973766209999546","50480819163905936473692020672284289762","65781842727552745993926700481311531858","205484140856837549196521323059971800224","43184835829134487634673065386929373907","114962447928550110739759987553470871879"]},"signature_type":"Line","id":"CVE-2017-9438-fada1f3a","source":"https://github.com/virustotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7","signature_version":"v1","deprecated":false},{"target":{"file":"libyara/hex_grammar.c","function":"yyparse"},"digest":{"length":12007,"function_hash":"19596491565255655875006112375726264717"},"signature_type":"Function","id":"CVE-2017-9438-fbdc44a4","source":"https://github.com/virustotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7","signature_version":"v1","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9438.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}