Msrc Azl3 Yasm 1.3.0-16 On Azure Linux 3.0 vulnerabilities

4 known vulnerabilities affecting msrc/azl3_yasm_1.3.0-16_on_azure_linux_3.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2023-51258MEDIUMCVSS 5.52024-01-09
CVE-2023-51258 [MEDIUM] CWE-401 A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by
msrc
CVE-2023-37732MEDIUMCVSS 5.52023-07-11
CVE-2023-37732 [MEDIUM] CWE-476 Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b
msrc
CVE-2023-31975LOWCVSS 3.32023-05-09
CVE-2023-31975 [LOW] CWE-401 yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. FAQ: Is Azure Linux the only Microsoft product
msrc
CVE-2021-33454MEDIUMCVSS 5.52022-07-12
CVE-2021-33454 [MEDIUM] CWE-476 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the
msrc
Msrc Azl3 Yasm 1.3.0-16 On Azure Linux 3.0 vulnerabilities | cvebase