CVE-2023-49558 — Uncontrolled Resource Consumption in Project Yasm

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 54.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yasm Project Yasm Debian Yasm Msrc Azl3 Yasm 1.3.0-17 ON Azure Linux 3.0 +1 more

Timeline

PublishedJan 3

Latest updateJan 9

Description

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/yasm

▶NVDyasm_project/yasm1.3.0.86.g9def

▶msrcmsrc/azl3_yasm_1.3.0-17_on_azure_linux_3.0

▶msrcmsrc/cbl2_yasm_1.3.0-17_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-w3p5-6w9w-p383: An issue in YASM 1↗2024-01-03

▶

OSV

CVE-2023-49558: An issue in YASM 1↗2024-01-03

▶

📋Vendor Advisories

Microsoft

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.↗2024-01-09

▶

Red Hat

YASM: allows a remote attacker to cause a denial of service via the expand_mmac_params↗2024-01-03

▶

Debian

CVE-2023-49558: yasm - An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of se...↗2023

▶