CVE-2021-33459 — NULL Pointer Dereference in Yasm

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 68.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tortall Yasm Debian Yasm Msrc Azl3 Yasm 1.3.0-17 ON Azure Linux 3.0 +2 more

Timeline

PublishedJul 26

Latest updateJul 27

Description

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/yasm

▶NVDtortall/yasm1.3.0

▶msrcmsrc/cm1_yasm_1.3.0-14_on_cbl_mariner_1.0

▶msrcmsrc/azl3_yasm_1.3.0-17_on_azure_linux_3.0

▶msrcmsrc/cbl2_yasm_1.3.0-16_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-c6wv-24cx-jxcg: An issue was discovered in yasm version 1↗2022-07-27

▶

OSV

CVE-2021-33459: An issue was discovered in yasm version 1↗2022-07-26

▶

📋Vendor Advisories

Microsoft

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.↗2022-07-12

▶

Debian

CVE-2021-33459: yasm - An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereferen...↗2021

▶