http://bugzilla.opensuse.org/show_bug.cgi?id=1041901 Bug ID: 1041901 Summary: VUL-0: CVE-2017-9304: yara: possible DoS via a crafted rule that is mishandled in the _yr_re_emit function Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: Greg.Freemyer@gmail.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- CVE-2017-9304 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9304 https://github.com/VirusTotal/yara/issues/674 https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf2... -- You are receiving this mail because: You are on the CC list for the bug.