Out of bounds read in yr_re_exec() #646

Closed
fumfel opened this issue Apr 26, 2017 · 1 comment

fumfel commented Apr 26, 2017

Out of bounds read in yr_re_exec()

Git HEAD: dac4595

Payload

Command: yara yara_oobr_yr_re_exec strings

ASAN:

==2886==ERROR: AddressSanitizer: SEGV on unknown address 0x7fd0b5d63fff (pc 0x00000051eb38 bp 0x7ffc623d3ad0 sp 0x7ffc623d3900 T0)
==2886==The signal is caused by a READ memory access.
    #0 0x51eb37 in yr_re_exec XYZ/yara/libyara/re.c:2037:20
    #1 0x53da37 in _yr_scan_verify_re_match XYZ/yara/libyara/scan.c:580:23
    #2 0x53ed63 in yr_scan_verify_match XYZ/yara/libyara/scan.c:762:5
    #3 0x53678f in _yr_rules_scan_mem_block XYZ/yara/libyara/rules.c:276:9
    #4 0x538242 in yr_rules_scan_mem_blocks XYZ/yara/libyara/rules.c:452:5
    #5 0x53909b in yr_rules_scan_mem XYZ/yara/libyara/rules.c:586:10
    #6 0x53909b in yr_rules_scan_file XYZ/yara/libyara/rules.c:610
    #7 0x4f9143 in main XYZ/yara/yara.c:1229:14
    #8 0x7fd0b499d82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291
    #9 0x41a858 in _start (XYZ/yara/yara+0x41a858)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/yara/libyara/re.c:2037:20 in yr_re_exec
==2886==ABORTING
plusvic added a commit that referenced this issue Apr 27, 2017
* Fix issue #646 and some edge cases with wide regexps using \b and \B

* Rename function IS_WORD_CHAR to _yr_re_is_word_char
plusvic closed this as completed Apr 27, 2017

carnil commented Apr 28, 2017

This issue has been assigned CVE-2017-8294

CaldurG pushed a commit to CaldurG/yara that referenced this issue Jul 14, 2017
* Fix issue VirusTotal#646 and some edge cases with wide regexps using \b and \B

* Rename function IS_WORD_CHAR to _yr_re_is_word_char