Launchpad.net

CVE 2017-5923

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.

See the CVE page on Mitre.org for more details.

References