CVE-2017-5923

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5923
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5923.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-5923
Downstream
Published
2017-04-03T05:59:00Z
Modified
2025-10-15T09:01:45.877853Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

References

Affected packages

Git / github.com/virustotal/yara

Affected ranges

Type
GIT
Repo
https://github.com/virustotal/yara
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636

Affected versions

v2.*

v2.0.0
v2.1.0

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-5923-a3b3f538",
        "digest": {
            "length": 46746.0,
            "function_hash": "255817588264694491270603386259301270595"
        },
        "deprecated": false,
        "target": {
            "file": "libyara/grammar.c",
            "function": "yyparse"
        },
        "source": "https://github.com/virustotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-5923-adc57485",
        "digest": {
            "line_hashes": [
                "3238433294361946192542944747884565709",
                "118103087538679555866078553999066289761",
                "304389595400019637900851322332716759395",
                "250908590778467786071021435475134802421",
                "288873297850163886133740265395174914446",
                "138569556846708252071580360696395556519",
                "250627320508112384312182592625845558985",
                "302388238227377570441348976884367158745",
                "301745503152191876322184303314554392538",
                "218877624069360544430035802991982871051",
                "283964867375043813636038250528553147372",
                "10246620642217959627989631040304863399",
                "140826123429098326713815868999072207602",
                "86375847817122990923178354700517628604",
                "314172254286582601555849339066476329755",
                "54297033916623978603249746248255481623",
                "50391651025221385852682350136993554097",
                "24177997586974923094087656139879774555",
                "34118162108899096431093918149408730924",
                "184529972374266575809773177338381497661",
                "252926136610850290627730645893467213115",
                "261727999264052568974174284663119024281",
                "157555844821964903554480040404321668080",
                "173198744061172748435209987660689072951",
                "55409642631214004123911759851152712208",
                "293163730708319633088167652586321299070",
                "7968400156881528735138152190462458836",
                "154485645192334728994310005275034991265",
                "14500247185332069863001460920644920009",
                "287397024164071586881261162244290024716",
                "7052774108089883975425363647755663990",
                "59918301631254423481761621446445504564",
                "144058132699061734165644862248832672048",
                "283728511001225517746377355520703473886",
                "227243338705144023248761018653487939934",
                "324023137890524326920596965064148494989",
                "19860491429389618743582839285849008192",
                "35145808191913169231592615794021972138",
                "45310441373411733005838908376044036853",
                "42215103335180539438816342480305490523",
                "303617114137345711843955897604513081456",
                "26442710305648024954160659302903014268",
                "311898565524163148255895614327132414644",
                "266481207885059043726896225259877597074",
                "64697446789373370026092453849954939325",
                "303785261651154745049967944986351645338",
                "319373490983607966486693419403819288626",
                "20646060952652605444488278301258384338",
                "229916067305059047770675949217994438166",
                "254864424271866980413226855991817440818",
                "220676219308923636109022147135680806841",
                "53380783667722593365760918933399765484",
                "88871782353701548965870236433669471542",
                "251951701081018022608053837761757825980",
                "70096996850664727813277715925974052076",
                "16868815694982833155881314422336110265",
                "332427201895077087097399017926139974006",
                "5537056567644739130668678618016108407",
                "337614480310193864271827699551935697573",
                "144990593555094173163524169642523277469",
                "201282809709662570618121919507306319450",
                "65129513961166321300085236843041763013",
                "144651721416902815343923329044685218369",
                "230456031104350928263551023454269354513",
                "265822687192791165655503098008682360840",
                "292198741998970775905049783887688899959",
                "90837923361706635652982640544506152208",
                "275579164014798910508231452199999846382",
                "117508800270711270903802710516641200110",
                "221667493376035779158881621807639467435",
                "272527233451541151700204678990456607490",
                "112701896496740212199446830434699364428",
                "97600723664187792642858056970747706925",
                "281742385157007750465274452904216035537",
                "110775198528275444658887880776875336315",
                "210443853088034446477969161211940707415",
                "30531079216887511098225296652537428421",
                "335146975985980371097049100052792830003",
                "212478716525005814514543201655347126520",
                "35927571021400019217572151449890863350",
                "113337090594997459517161059474994769433",
                "94458081491768202109003613491730578447",
                "28473492081341054559499689951333632320",
                "24345429523845436952529972624263940640",
                "279666069453369630585289901364355268817",
                "138829523304238815029504240384586206372",
                "29555459115847773832443852913963566892",
                "72563608909370272072119770212636540580",
                "243868389660942441504407835728948192079",
                "336855802482597532228091160108315315280",
                "59704403192335319443955497112185201544",
                "197327503045085994935608462199121258166",
                "126954669767821054930115115047902144180",
                "94215759526107972129216055738690590892",
                "164484954771315607608151407917934838681",
                "196861664164310106016590565742634589282",
                "148907464480989377865427994601083387325",
                "162424165664518880994260066538323277447",
                "14905483171759557364195719440232315340",
                "337644570274778406358449295318947935528",
                "296157436007045200642876513951928676257",
                "2244778825801739315354178523775843607",
                "60174749077590905993495884932094125312",
                "67829344385630204412849217936116477050",
                "177203059778769939507596336039678403193",
                "162024010234703558175313038887044149536",
                "41685211458537731850343866810399974774",
                "104202505662077345906075013896564000138",
                "182575531532813619507973429732482740977",
                "18488748178391196364661979809715033012",
                "282444464027507642688246182221545950862",
                "101917520987989079297847084201210951974",
                "265074051153141053039239342484502186304",
                "10089435131143907148120790369276115456",
                "54749179763841918981050680160447214474",
                "252548547247465111416499931908751325004",
                "135701863467899931384839488322326231978",
                "220332093258823986335795639069174096389",
                "82457000608431534962324397196925399971",
                "273646315363123878209926644299331043378",
                "90133120115044119868905685421708039991",
                "11224440208404490845324727476329301534",
                "149609944751228864439897102944203508584",
                "205536909053649442177814175694781977821",
                "125722890495752412250663792286765368101",
                "304495442488560722095555407001533755675",
                "309973305073448725324881509992587405304",
                "165766385104529168363628996511804173032",
                "281080638682796460554773615419081442598",
                "172393709100253271852817917011124165906",
                "10426670833484986825381604510605225737",
                "123710813790938066851223102512680927617",
                "130282927683222547903296301790491538651",
                "150885827697850138488995849583943947502",
                "311728350738517125274250134070721169468",
                "53544780961923790577814758116940382221",
                "159073478794046932519899014262068994835",
                "220326523184552220447500967198855937325",
                "43498212566261023710550075814070443814",
                "216799818360426128784522496909112121180",
                "284574766848023650014267473085042253573",
                "73343658608392286834858540737766146190",
                "71651900737483043754172282542821728763",
                "147005193197543561185048681359885329316",
                "144960559297531509780102912486044697787",
                "324388666800851907675720041415147481322",
                "4145981515297530396622670684699811500",
                "148192178974631722462951932039244886368",
                "271318756360258589134649128159235817088",
                "180352947554506508355979504593229691783",
                "157029966551865208174294471934648591322",
                "194973547916887863084969256633383742668",
                "334707152228158812623527886940770514907",
                "121787327811260343805314224546708719885",
                "114118955673494507359546485838915543477",
                "15785656573994954782284177814624224881",
                "6544975656736536732907357943327787251",
                "78825619572448827216934353219528909853",
                "197722336255968199021050632663595248788",
                "233577491843516036054656315101011978581",
                "310686323322095632856349590388020147778",
                "49633692616930880626153201949051500705",
                "37295991780186628522380736648963397047",
                "186706567398941606246830234838609959906",
                "239112398984179393554788911874769317195",
                "196360836361111173425807937885708181310",
                "256440606246759927923164695204703982137",
                "37264971858042792878714375075988768640",
                "141874616928380086363836248486073346664",
                "318946671013271176286587888938457670524",
                "96130478857340391779732319829526561166",
                "156772249077953752645002768630633774775",
                "316078275287144692504231385365829483372",
                "17254915550341064467669525195141616966",
                "89579765860355310110251277421085005178",
                "10855270400010071877734558909388585940",
                "258715775328278626150654124254768089981",
                "280029802181986895778459586610330376567",
                "136511242333506917588936231104522956501",
                "245918134342449427499712866533846060608",
                "106241391944067623452227741203351497901",
                "87490349859525677538916289041654481738",
                "246821126841315166091914974400456122001",
                "118216701326245879969725200207607881696",
                "75696704595733245076663385686784825575",
                "197595841266943904055103672253236971876",
                "175196266534707546123843432202369154133",
                "17421744281704112199273040289027599910",
                "316034268972882708557161675314793310699",
                "248945589290629181891839014379283409123",
                "221260313754996414700856017297874616777",
                "107971242681296966301005918838779972655",
                "225874865643486782378767427497494210264",
                "197831548421687964048132509071418500123",
                "299393278105808940639250039310630748222",
                "208159956273493469493700944027765802731",
                "79087315553915823136057884846508652672",
                "197039636801689879341050514868015821691",
                "251950161944060171446043682826586308205",
                "28587345799197689476498223422349316688",
                "294549415357557137519828897338045102400",
                "136805946956230541700565679814499310732",
                "281192522920191558610204841705575186846",
                "177912686588121325041936960118947894494",
                "63218793726195118201916613704405149042",
                "264176836666219764788976686705426027650",
                "66706703439883353062501893531513519133",
                "152556222218726347314995688141059562852",
                "236704929779740657062270221304240168680",
                "320798804283955403993941512675659402222",
                "89459711584788900991524278920654587732",
                "240127026482329936518828658415911630385",
                "236886683304415533562942673727588017967",
                "222484629531019749932332080953588774616",
                "84950800226059356721983045788304138323",
                "188912587869972722714780853490092094411",
                "37664945712186520575437245459362717417",
                "41495152498339522411538999589338374864",
                "60124889266507933516144967451064476503",
                "82649641573553693769978959363016635766",
                "100464907831061705471192841004789527384",
                "321055996447369381423735573365219285368",
                "220067286464241628797810548818919682626",
                "333604123600064341669347520241509546318",
                "259539164247046698500794343549799106695",
                "86539596046490866916207929584575849467",
                "261904970657501970337122459760026100261",
                "146881689522505355035898101862054863267",
                "191943162987055658764236291456942345348",
                "98263558863625125960907874177429556061",
                "333795754911150947945269507776412781909",
                "1874052540102939959482455334586735172",
                "130248297215874937686039437379244770925",
                "290388934503103010712319521181693564114",
                "314247618333668580880458386730212339485",
                "7629607511961152780550185151434502301",
                "183058129974595488501843000962705470540",
                "92621313023978554058779507299326009863",
                "59018961509660327761077372376734853327",
                "118422189175092954032953344313861313314",
                "110428558833499232044663960097474006690",
                "238988238893444615923797552652313499002",
                "324355090405378453444770751517643791934",
                "28042881540538370757273721393080917355",
                "168421640607865184741431978379351903066",
                "184727559858622843033297624680713175878",
                "159919259110349006722321705953309525853",
                "313477085843278003486922708118748484635",
                "24728267532779222599934140439388028408",
                "111165418654615351887032367664870894149",
                "201681551053696557396729779447556640824",
                "99096146161675371472010289554563741142",
                "165802049895215461318192971944935001876",
                "51932513683479315115883350438658234007",
                "293980308448122784316621658407443329979",
                "184008312023198905152698571807322853821",
                "178774791730237817816241297260559541374",
                "269949027464907943954858881434715132597",
                "200798372892224067925408238154728632865",
                "3283106355016673896826894136645696001",
                "32873105474472437547934571980199096053",
                "127432334687156900624543637300836739967",
                "301595077969666259145301708156314565124",
                "131280382808306298122892234903194117326",
                "72292831122678798353335912570477577588",
                "158636120676924763284699552470834279918",
                "67877609626413016907834808782669306818",
                "178090109129601892585201198562011148072",
                "269692533177084541599693354079738555733",
                "176190224462150771289413938540415223684",
                "233020824783184912881660465102804303151",
                "160194136487965026804678647902148390086",
                "70234277844094768893080269971230923724",
                "296370526238417674332294527672818921943",
                "322205813716859391034109740949452619682",
                "31410841115825593588578539089543672493",
                "127145727102586503240610504260339603180",
                "316303922480982276642176004702747909131",
                "70126565478419333183819444523046828301",
                "43313444609618430646307322133590241985",
                "99123015354967954774863349995729170228",
                "186812615300877720238735486497740255053",
                "112827467129795267162705975826961422231",
                "3226151737777028805946756124211622091",
                "244293980416663474349176240385209594660",
                "59563429816881422428677986503903619832",
                "43537969167559848974144330097717205938",
                "193818620518685453100662354658184603083",
                "300331419205904448829042282734712055990",
                "114280987826866321489882795988490435131",
                "75271782766897492866522162015309609453",
                "14475964401649785525549086651537252473",
                "312169966715787485806647488146391943752",
                "20689579294527789442104484098204782248",
                "122680987935409117621888673752096412761",
                "11227666882956692506403251541467084911",
                "88848321281718029040248737627685055020",
                "197158205835448930352909021679108293164",
                "114280987826866321489882795988490435131",
                "75271782766897492866522162015309609453",
                "316451887630683727405983508733978341479",
                "244662196721916558890085603528526564605",
                "25086638140505005164722259276719911982",
                "318341097083568064065769637408639719241",
                "182439771858087126587786701713637372326",
                "114795980056328881067813151975311185347",
                "194895544581825820058424958169217364919",
                "108078340343678220965180287646012179760",
                "169739557453998779035803440463339962819",
                "116131463760304718531594218245898236945",
                "131465571412587676496470555617633499806",
                "39231737441406455350850072361343408476",
                "207597535333289566422066268508798511296",
                "142953333433798738498113574910070721994",
                "320021459724248882674618913968597744092",
                "192845009083291299837315449015010324085",
                "287926205973566440082757239249651000012",
                "22064129815189585834548732968098427194",
                "219274548291080886390143281939774155939",
                "255248811304320978833269999324825698052",
                "237405256348043666610368235601399966651",
                "41213615939871671022844159446424413136",
                "274199128383337391864215785924771150611",
                "54363088287120988578451095010154497700",
                "89789567189654706866868076387713237390",
                "26523539554421623556799555604710670627",
                "156146530106410926850008137035267402370",
                "258676624163014733589061790684371725941",
                "292602876234697453641705121267108084759",
                "34011712080494120566171866950186595957",
                "57990615018453986365433717280004021031",
                "335771056199223450245894854793672970843",
                "206470024404063684856243413821970268436",
                "9435544186231832904240657223554324150",
                "234952899957625733726581661154035813432",
                "162737499387363652016865846468951172014",
                "220894120958419734952580799829935195770",
                "263182572277870701369018187220204640204",
                "330096035143825879265527103877903824948",
                "154222816702669327788804111117848821941",
                "91911490690033650510130908211340881795",
                "287594398678674879321908429626930982957",
                "269692175010092944758284971123134621395",
                "220674882153494519729458992469623825670",
                "97523557937290165651556174794139901180",
                "312359377633799688975744853146363452448",
                "223109533270776743164597993415214950988",
                "338695353691145827175701269435616023808",
                "194052258005633927340992528070434560949",
                "203626213222027455222782834086809141371",
                "249280659065496435001808890626764446865",
                "224809631734328031411934636810575526549",
                "229567677105916184795181276491387107807",
                "130285372547270699530975638405653528856",
                "314081510635349252705748237557716421067",
                "5645627369513727816494886957096764645",
                "307012956170379635349969412346211976320",
                "217158312014420304912513021585944174840",
                "114220662494141599482092377006874417231",
                "175841703363398231536060106767858593895",
                "253759513250500381530001622326833995232",
                "43292508348179154182289411407110560577",
                "108350896675010834057277648526726638385",
                "42727627485210593416067044291169323121",
                "36882938185318180259793704180418116493",
                "75480983131427785540948299897342223098",
                "89078356170960829151381656450414051020",
                "96783121654958591983476506014345445726",
                "155321055657164129561005820308449834261",
                "141752677713516006951988148125670177886",
                "35938563842219050790577349532615474043",
                "339247147837795494042602340456885005172",
                "296519456067460177399386720950401276887",
                "34657262281536791330752868746169350266",
                "46331690384047294985028042059363609903",
                "285741592409865929150804697580135790719",
                "251843794942685810299234664602202949684",
                "188436933208803530574728565044922443996",
                "60102947490774311771286770546443333307",
                "79645824009518457853548206377753372870",
                "304823202496534082559528881485660681355",
                "109616195632562664292273255250139651619",
                "311778012395262154509313044078561364794",
                "330021318043942277925428135888678360480",
                "122236312650889252547404368875742440681",
                "295551988070745966669546186334109120946",
                "162203593609249208878853613920026208727",
                "157602527118009005068713151842103876819",
                "311406244062177805655387643642304146546",
                "334825568626683482854375481434087428833",
                "181027521082659510790345300640967706103",
                "45474509520695119358252287233356856264",
                "13558849144000652888234628903978217549",
                "157847678659269310737660678043997097172",
                "69786521681587968538423691628747981231",
                "58854600884925182395781553949685054918",
                "15968130066051595055206560358887516127",
                "207674268223930428630560954316757510127",
                "28929837908602569372002492081724807702",
                "42776318599811832752756039826543429387",
                "269410709196324774147226456142836728271",
                "16234523619256863090763742889752505495",
                "152412389330795470850414688702835229193",
                "135688543493404418100080136624017314113",
                "59351846148010756491621438427579652368",
                "101953945449631174825345239513532896758",
                "256175995167676402924962837078425132213",
                "95932976264386194051904150014986407541",
                "31202003794758361372029152801030840500",
                "271933690690961296961060190786850534392",
                "184824983700084670446435169651080488055",
                "80446359474632504979989605829722453178",
                "209082166551881823027853420507712422302",
                "113455957574087434997292106233850119547",
                "83474055268755780687085774348391816007",
                "208220826510502999230542555954187564299",
                "12593459754058238941498645081622145361",
                "233557978076619412984391510372154861880",
                "231457653692384315465664961475168188109",
                "47563882251547848931042039928708881603",
                "70435105595219149798140710580754454640",
                "154338798799417368700144679335922862410",
                "266159943270252152961756603877699303683",
                "299970122601400089515281267354110154871",
                "220704547509496324405883732477051990972",
                "328944144093606446786403994940515135127",
                "320151566071982210349055317498554831482",
                "150332943222082307629009678166867030620",
                "314134269673995136928145059786446081604",
                "189913631176531247599718705157525814563",
                "146294289761624273401087454370852244116",
                "47173810422106667496025478806152997282",
                "173449964190922303708951115509794300848",
                "244884837394616730887095448752155663827",
                "288195798355301742676528012370418902179",
                "41191066532457461446962840603119868038",
                "323317737995236577201486847187217345709",
                "69056085768062261797509222868716851705",
                "149290424498146479065136765493963153779",
                "36529189803012285625039793918577625567",
                "226284538487283907701642307697306386829",
                "112018679456607052524941300398012943271",
                "1080900811761310390745622982510758469",
                "206205333433446310986356021977780074459",
                "177527390541177182767535875712483266508",
                "253015105619112375482835023399311908621",
                "216229046402746445431252255526038998177",
                "77073431430256685517149924479676215424",
                "87341893485624373705038589379371893139",
                "41158774061254845045117392956010591706",
                "119418632301450686362986691636267813283",
                "328528027842233713175296647209610156016",
                "72774654483320540527693884523903907007",
                "226188386251267165134782349410958443235",
                "98938058334608281126520267561987949334",
                "277694813227757967371112388591291261004",
                "65132615115632321317263190183408020789",
                "223958434112331114475023327143375297968",
                "78106220741068780303079822819391603718",
                "30948005720150524400655400551352161441",
                "302855809849687243117889044531100765544",
                "185829081646307239887690934255140178947",
                "113260077537680729395353485342008977253",
                "142560129366216518010063803812391820546",
                "101672105744780894260307481036505363634",
                "331253190744678888071690988440736495773",
                "212850181058635923499859526997633971942",
                "94599329242176730874861881929096577776",
                "335231356964956379742310084724440488784",
                "174097193276199645383218099769014824893",
                "273320705011167504025764056900871016807",
                "337682961082720902377098575459221142250",
                "101033039265651762526034657891448890380",
                "186510134248527846007436484801555883513",
                "163782392019555003519010416552653007124",
                "189812377887852164853211486602611928673",
                "178059568451716793288117086258261109534",
                "228735590964653204095398387623946549815",
                "165214898441696700236221805920376034720",
                "148517807485753081864884961395867328462",
                "283058649098439505627320170102123528638",
                "267404395902012686873267480530288560591",
                "17235327449990054096068504012926734916",
                "186061108156686844111025501114882251286",
                "92323159610889925279391807434984268751",
                "135771753030354563486494726570708390852",
                "33485446304210484650175818671502349084",
                "176912338388272352573414248789654981069",
                "46959063315821326406738344869231079763",
                "177908712475950657545845633822347002035",
                "78427057698349966796675533800223175544",
                "260863412950095336523213783438821508667",
                "122332900760413171200570896015072843393",
                "160833520137719176202778555585315935914",
                "226286958077579274916896562697518069961",
                "206618948884312714603312271439730234685",
                "163290545162342692903349211218206168940",
                "225659884749368866677783312514291434478",
                "106436468948711281661354297935929371866",
                "187568533372145921704576848119102083381",
                "232788534100041886924411501001394338996",
                "104894800637793375366094682251463890285",
                "40282061071414694123133737297012245622"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "target": {
            "file": "libyara/grammar.c"
        },
        "source": "https://github.com/virustotal/yara/commit/ab906da53ff2a68c6fd6d1fa73f2b7c7bf0bc636",
        "signature_type": "Line",
        "signature_version": "v1"
    }
]