CVE-2023-49554 — Use After Free in Project Yasm

CWE-416 — Use After Free CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yasm Project Yasm Debian Yasm Msrc Azl3 Yasm 1.3.0-17 ON Azure Linux 3.0 +1 more

Timeline

PublishedJan 3

Latest updateJan 9

Description

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/yasm

▶NVDyasm_project/yasm1.3.0.86.g9def

▶msrcmsrc/azl3_yasm_1.3.0-17_on_azure_linux_3.0

▶msrcmsrc/cbl2_yasm_1.3.0-17_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2023-49554: Use After Free vulnerability in YASM 1↗2024-01-03

▶

GHSA

GHSA-4x52-4p76-xv6v: Use After Free vulnerability in YASM 1↗2024-01-03

▶

📋Vendor Advisories

Microsoft

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.↗2024-01-09

▶

Red Hat

yasm: remote attacker cause a denial of service via the do_directive function↗2024-01-03

▶

Debian

CVE-2023-49554: yasm - Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to ...↗2023

▶