CVE-2023-29581 β€” Project Yasm vulnerability

5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 62.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Yasm Project YasmDebian Yasm
Timeline
PublishedApr 12

Description

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

β–Άdebiandebian/yasm
β–ΆNVDyasm_project/yasm1.3.0.55.g101bc

πŸ”΄Vulnerability Details

3
GHSA
GHSA-fcm2-5r3h-4j86: yasm 1β†—2023-04-12
β–Ά
OSV
CVE-2023-29581: ** DISPUTED ** yasm 1β†—2023-04-12
β–Ά
OSV
CVE-2023-29581: yasm 1β†—2023-04-12
β–Ά

πŸ“‹Vendor Advisories

1
Debian
CVE-2023-29581: yasm - yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token a...β†—2023
β–Ά
CVE-2023-29581 β€” Yasm Project Yasm vulnerability | cvebase