Tortall Yasm vulnerabilities

CVE-2023-51258 [MEDIUM] CWE-401 CVE-2023-51258: A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.

CVE-2023-31973 [MEDIUM] CWE-401 CVE-2023-31973: yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/ yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

CVE-2023-31972 [MEDIUM] CWE-416 CVE-2023-31972: yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp. yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

CVE-2023-31974 [MEDIUM] CWE-416 CVE-2023-31974: yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. No yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

CVE-2021-33455 [MEDIUM] CWE-476 CVE-2021-33455: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33463 [MEDIUM] CWE-476 CVE-2021-33463: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__cop An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.

CVE-2021-33454 [MEDIUM] CWE-476 CVE-2021-33454: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_ An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.

CVE-2021-33467 [MEDIUM] CWE-416 CVE-2021-33467: An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/ An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33457 [MEDIUM] CWE-476 CVE-2021-33457: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_pa An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33466 [MEDIUM] CWE-476 CVE-2021-33466: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro( An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33465 [MEDIUM] CWE-476 CVE-2021-33465: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro( An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33459 [MEDIUM] CWE-476 CVE-2021-33459: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_di An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.

CVE-2021-33460 [MEDIUM] CWE-476 CVE-2021-33460: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33462 [MEDIUM] CWE-416 CVE-2021-33462: An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.

CVE-2021-33461 [MEDIUM] CWE-416 CVE-2021-33461: An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.

CVE-2021-33464 [MEDIUM] CWE-787 CVE-2021-33464: An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in mod An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33458 [MEDIUM] CWE-476 CVE-2021-33458: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in m An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33456 [MEDIUM] CWE-476 CVE-2021-33456: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modu An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.

CVE-2021-33468 [MEDIUM] CWE-416 CVE-2021-33468: An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/prepr An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.