CVE-2023-49556 — Classic Buffer Overflow in Project Yasm

CWE-120 — Classic Buffer Overflow CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.7%

top 28.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yasm Project Yasm Debian Yasm Msrc Azl3 Yasm 1.3.0-17 ON Azure Linux 3.0 +1 more

Timeline

PublishedJan 3

Latest updateJan 9

Description

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/yasm

▶NVDyasm_project/yasm1.3.0.86.g9def

▶msrcmsrc/azl3_yasm_1.3.0-17_on_azure_linux_3.0

▶msrcmsrc/cbl2_yasm_1.3.0-17_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-q795-pwf5-9r9x: Buffer Overflow vulnerability in YASM 1↗2024-01-03

▶

OSV

CVE-2023-49556: Buffer Overflow vulnerability in YASM 1↗2024-01-03

▶

📋Vendor Advisories

Microsoft

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.↗2024-01-09

▶

Red Hat

yasm: remote attacker to cause a denial of service via the expr_delete_term↗2024-01-03

▶

Debian

CVE-2023-49556: yasm - Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to...↗2023

▶