Lucene search

Ubuntu.comUB:CVE-2017-9465

HistoryJun 06, 2017 - 12:00 a.m.

CVE-2017-9465

2017-06-0600:00:00

ubuntu.com

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

41.9%

JSON

The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to
cause a denial of service (buffer over-read and application crash) or
obtain sensitive information from process memory via a crafted file that is
mishandled in the yr_re_fast_exec function in libyara/re.c and the
_yr_scan_match_callback function in libyara/scan.c.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchyara< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	yara	< any	UNKNOWN

References

github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661

github.com/VirusTotal/yara/issues/678

launchpad.net/bugs/cve/CVE-2017-9465

nvd.nist.gov/vuln/detail/CVE-2017-9465

security-tracker.debian.org/tracker/CVE-2017-9465

www.cve.org/CVERecord?id=CVE-2017-9465

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for UB:CVE-2017-9465