CVE-2023-29581

Published: Apr 12, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

Affected (1)

Products: Yasm Project: Yasm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yasm Project Yasm	Version 1.3.0.55.g101bc

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=2186333

Source: cve@mitre.org

https://github.com/yasm/yasm/blob/master/SECURITY.md

Source: cve@mitre.org

https://github.com/yasm/yasm/issues/216

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2186333

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/yasm/yasm/blob/master/SECURITY.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/yasm/yasm/issues/216

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.