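libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. The Vanir signatures below (CVE-2017-9304) name the upstream commit 925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699 as their source and target libyara/re.c, libyara/re_grammar.c, libyara/re_grammar.h and libyara/include/yara/re.h.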
{ "vanir_signatures": [ { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-1c94def0", "deprecated": false, "target": { "file": "libyara/re_grammar.c", "function": "yydestruct" }, "digest": { "function_hash": "219659464849760317020131939953109691398", "length": 930.0 }, "signature_type": "Function" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-75f7fa42", "deprecated": false, "target": { "file": "libyara/re.c", "function": "yr_re_ast_create" }, "digest": { "function_hash": "30030015129933714456757088833180843939", "length": 234.0 }, "signature_type": "Function" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-cdd329b8", "deprecated": false, "target": { "file": "libyara/re_grammar.h" }, "digest": { "line_hashes": [ "82059184431400555530112274016671736929", "66280413865697557018469097521008883276", "158052602634461324645592774293372244194", "275397729117026176401934781824411814732" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-df5d5ce6", "deprecated": false, "target": { "file": "libyara/include/yara/re.h" }, "digest": { "line_hashes": [ "294121472458702354548937606154909373311", "216847835721499864060396331486637443944", "5035433029318043268820266199532415027", "94315763952574328699335756170535256723" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-e3961b1f", "deprecated": false, "target": { "file": "libyara/re_grammar.c" }, "digest": { "line_hashes": [ 
"85377343307373693491863099246422333122", "86942825091496636612066189049919451547", "300973038780496745595813719264734357454", "75256938401736187450332579112989585882", "11932016096947208941009335221714967228", "43415517527798419333867862355349825513", "161899066095361760268755459584097579124", "82059184431400555530112274016671736929", "66280413865697557018469097521008883276", "158052602634461324645592774293372244194", "275397729117026176401934781824411814732", "325667883650245350326147398184587868410", "84601895465838406723522283463076187474", "302671964610680934200283008794137067752", "53754384773240008943538662745574976981", "109390270914419882447410343544294800064", "33908129975082323196816193355352704244", "75592177295282543870634622190023799670", "324237163679574987384805081451587744171", "19778237366271050795487082962488674908", "182303355582564740869817622892293313516", "165060584717659056282260904569957787715", "323582124920897409027467287358168672491", "236686862276817397147544408741107863944", "22281030303713775035573648118048970269", "235088613284209846781091995226551973366", "258451699288876600777596965456350618584", "296687170483996717419062913216392761327", "208634293630549821238043210778128042206", "70458369523973114204755084905146726817", "315812068680903600456835631600031198582", "280463002950506008623088323552121086935", "78698720244239286513528344613843806781", "96864795970088376949707129618334820885", "271321349230431163785226473034798295100", "292688719212849248845608693176220959209", "228809660392376355624614749734547565926", "85708027635372922418515737060425161309", "203909022048094079554473115815231719400", "318336096701747514735350810884137070393", "301036377287686055331166337013584471144", "326232884046231637976633596922641471017", "170325943023668805399406851905957512611", "337603781859741227969842978591558408573", "96777231042504912710971463146070189347", "275337440101427595058261350256053778710", 
"6199624978731185983289572624894458806", "139876831272703400909838323286294013475", "138329433658957637678000947715920941543", "306856609095607781944229026493977854571", "100811231453741892426982508222973187614", "306525997657720785725424979565169209311", "21999605668351426725408923889171044498", "122526111784854874729537882259755523539", "156130311332530483287650975728799567593", "229717540393188756918655836966628909988", "310494835205635186241841715362500540721", "241991509936573913647053301111968279728", "285403336482057517374664915439429652324", "17799565718748571315524378506534086746", "128923812621450854788351465577341789913", "124705012773066466672831352977275781156", "257009819471456883687028644823988715019", "174512818164529277824398927481379398375", "327934754932786286712580295056889920703", "187625694368997803678211707375158128106", "140867496790831407223664487479624014082", "233227354854853966476240443580715040638", "147654834317662581008693944607672191122", "238012995223110776350768155208806253722", "113652684698738423173422500975823633424", "29357347819495120740262671147093500236", "50848306853884670714297885383588090522", "165511158669871620186248512589294860832", "256147262708709171880053680190827054206", "4216049404200190892405316258143828201", "105992606901903873292577659472568644557", "185587141298098497152866196198588256152", "57504325774078959438888134184605765683", "298712888856760357361321982815670659990", "173162970901177976427505337622029947713", "244459274910728337995751563027032390551", "208233052835694524378483530678872088442", "71385681555030420605840043546648060777", "191469210201156654852518058553666911382", "307569124572698569747452435265174185342", "199880954605050730725861836709450264078", "104888931659717504087633781632368588331", "267425712258955084360348933783079188015", "138733888337833551289503264014404929377", "186613564000336946096828088519030715155", "309705528159894966933284381332234324206", 
"284986080610084462848423859692273149945", "207924956560362713371832305739550031345", "101335458854813628795672956199671215552", "252281817950895247632346345954227897270", "23299225976390195704646620910365416486", "321364906946717836842951922955448707611", "59128221783633372012272377020500553175", "239940080780421143357672613287230137069", "258084299142198712989067620794256186721", "50716706382992669629375454953608163718", "241577356606609058373842411259635713202", "314777542727264732387923869662495975429", "59548200843059939173923906607133329605", "106162552244348463981829822675744691482", "311910954865772547712092778560979926302", "238118618131212775486509702091498885546", "112061376176394398228326513830113265371", "261009062907983626389177033023772103207", "185222785556396141870078686586674580881", "316299009380112809059829299944788074656", "264722298670256546443453398042726102404", "62421633903976743224613935529759499779", "178469614742505086674760473699556999166", "143392506547150454044444860149441683501", "221164184301016151905083538471061192554", "44571784284734790712220510026140728142", "843824610429147465921953956844780749", "28617452756856746847839699213574213237", "154041035077919485423065258237646536353", "173147526616389228912725643564831984416", "81824972314242353648052367306931406971", "59730166675641462942389994560168682101", "154992825498874947511232824063714713160", "41120902561467155887331604109617721574", "254738471871594773930933359698971407797", "291430629774015042791828044897508232125", "85374082271570759522610846771130976672", "28427016546237449752870813216871266443", "156400456860642948117571133761252228921", "101504306154407496823438001616590901958", "260535007128392435002483811886501058474", "202523512151870130038642993342287310117", "214914594306973041381523785595457408815", "96282808904238179470166384357865044250", "132096177858219218298767725886400407060", "21528587484844206159910945394592755566", 
"117947676344235831813228659527654046974", "166545418697551925200002698708196591406", "15276993501350378861730038617763484034", "140434336161345826774045138583763903157", "265660558825589495127218861636195926352", "183409587311376986231455786564123581921", "331879650000026461381417861256013260601", "249465094181939192077494356989375788254", "35094784709588742511586896070805211403", "311201949544871038002809853759666266333", "47575403372902737252308896938125843294", "48466310269733592002188283699347817305", "200241138106641920700157349923020819089", "65212252483926961546331182724727566821", "303483697402478991312238177237872624748", "212883527598945302536436916730593068524", "47775792556959373845677473400860280320", "111301685285393295598592462820966848291", "227920659025025998046793145212458798986", "292994813302951804157814494175670185687", "46819324230855040033077396357723765953", "313765340640739453613759835778559001617", "228888004983874745785151360336773573987", "281531713971715636050219570282457515415", "57504294807125876103104024468790380275", "128558888513747837119110880828918623531", "95112357032627114021369917696002040068", "271611347165428431141540026582663091973", "74306269487418042508278168874776520999", "104906248333944002420935642016480096126", "113955521345624305969965391968338439096", "194913768848898590522591953527538214148", "214450917205199149934811534987806768200", "66798853742262772238236180181059093261", "151993543681861832362333366510209225040", "281723272907663264182780600701171514994", "100686499777720130830717394675089659134", "298590465622559797605643234294732739181", "93267657201187040094516125983035159996", "87266295087873491513580434205579242013", "155432271984265750166142545156925464984", "82772338516713630756664811119224669516", "189385721446243010768621739905873041897", "3423642879574410494226576233089863226", "190398459308201603039281205381667807461", "80074480330276960364668018975394604192", 
"230723958862021563446696289827247909281", "198919529245153247975344267928572452288", "87740842093823271793013177162920878988", "247529620259256658065196275846732460034", "25902968941802132484073207078034494292", "314594338312238246332732735021418303152", "233566215255405554676992339140925432036", "13188534971635788071397625278499535963", "115642826870885107984591360485339726970", "231915259592931575177941519703510439603", "126542150664477683704124935755717452143", "246897436920435671773940158924560156391", "168889612112982261023027858571301850823", "237725537887283139975332534471589304581", "78758710203380597045770307707285459485", "77074284804165194245154871573689513114", "154817915222293169519905078141190620907", "307482130104830427367141355107430481702", "235628927416383060064732824247844270262", "220135549647144959826938454472712442242", "285767392673344894266724944457832652149", "40980359478496269689595981537638512854", "80131299920485460996236056178586935700", "250825692616821224418675831797835973641", "172215856883173719383983721293284656477", "313815667014540957752165253381855131457", "113739138185757906033123993041659014135", "277563690347187788529529810548518645051", "14892659355738575500248578223453778092", "34401283206537989704327046940157819294", "4674283215010695829169339963602854092", "297937984785293761139283951626662972692", "272407624533691153019870236791058306528", "213114906249506250935951000051863866551", "5200886166281280057366595131600513716", "209157025236490886436601364181942357553", "72177214546538636776187926086665231351", "70744849287620572830277770171501383312", "103771468409564036570470968972283319232", "271368427445141484151659280347626354186", "49422053477835665849517896119608470398", "314611827906336668372681139629431878795", "169984647503231613963919172704994635152", "289745223887863202322561222204522464822", "37422223352474905635334155699882675346", "279265265419159435183428433029928242953", 
"260882048790984097194409442314548888833", "245432154057010887038404928385720433169", "61210723499003636296783113322486347911", "155357149622919127091218627504914144420", "36237887013806185479316798746251820294", "288270455724362872973724799603659076313", "325034622500128790558015466401034706628", "256773001216581524160471299390637195964", "289799172666867331119696601362896980914", "48638516897160083558568899106968052746", "263963863528355517489706119197610898575", "109884115815509627524793052607130923346", "138786183472605459546909449039895561058", "33983865341871173407289140609167514505", "177316467141495285489350789554413654746", "267354151520404307662516879524917101945", "118057216529485277623396878974529569270", "231489026519521657532074518895568472442", "49798181207400133148692292443914495871", "51645198795375174762744179192438265268", "92951573539862167211851733325659206845", "113608816810493754869175786318805058739", "275299562594478518714477113091417716862", "281152216579308986003869661655244856107", "126578819334656772793028228711107809610", "181634083000834764918470224776148807727", "150257196881297601883388517052143287018", "14846782204725813178192413892734890210", "117411046628538907154182499040840181309", "313284077082727081703082819082307426614", "181871125326366892713601188766258583405", "127277601390732916318818525016741789006", "177196995025387576640365678309884275818", "5151373654064206606183730270238655403", "250570747492116686770167635570898435261", "59450944482664063734504226755511452690", "246400316499023186005784797746967158863", "197520958521878962589650168767930332401", "153292566095110436338546290571936309044", "27046581611800731231467688408126872884", "161920449911308957354524928902885107570", "160286360328827393449177777001222499029", "241495314514255277441758455263132677140", "144947377193708984206520484837636076984", "191583089249038054157112512521088369630", "166396587805750843747064177919237158371", 
"111455825609225737869934732712610897185", "18195841958824766714411896219809717477", "303007371582290008802834110034793555334", "20044157259717892226538930569640840106" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-e7679cf6", "deprecated": false, "target": { "file": "libyara/re.c" }, "digest": { "line_hashes": [ "120655451824806282366234125824731602386", "111696500681695524412026981462392161172", "133047437718613991283472645573274940130", "129745646271846591197430836818241831458", "216965379336874102087835924690114183362", "108998642498107875111021785562923235114", "31278099520624464254790253827158955931" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/virustotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699", "signature_version": "v1", "id": "CVE-2017-9304-f8cab11e", "deprecated": false, "target": { "file": "libyara/re_grammar.c", "function": "yyparse" }, "digest": { "function_hash": "111183297384584353480713754101735295256", "length": 14437.0 }, "signature_type": "Function" } ] }