CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5923

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/98080
https://github.com/VirusTotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636
https://github.com/VirusTotal/yara/issues/597
http://www.securityfocus.com/bid/98080
https://github.com/VirusTotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636
https://github.com/VirusTotal/yara/issues/597

Products affected by CVE-2017-5923

Virustotal » Yara » Version: 3.5.0

cpe:2.3:a:virustotal:yara:3.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5923

Products

Pricing

Contact Us