CVE-2023-37732 — NULL Pointer Dereference in Project Yasm

CWE-476 — NULL Pointer Dereference CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yasm Project Yasm

Timeline

PublishedJul 26

Description

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDyasm_project/yasm1.3.0.78.g4dc8

🔴Vulnerability Details

GHSA

GHSA-4p37-82f3-xmhv: Yasm v1↗2023-07-26

▶

CVEList

CVE-2023-37732: Yasm v1↗2023-07-26

▶

OSV

CVE-2023-37732: Yasm v1↗2023-07-26

▶

📋Vendor Advisories

Red Hat

yasm: SEGV in yasm/libyasm/intnum.c in function yasm_intnum_copy()↗2023-07-26

▶

Microsoft

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.↗2023-07-11

▶

Debian

CVE-2023-37732: yasm - Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c ...↗2023

▶