CVE-2023-31975

2023-05-0913:15:18

Alpine Linux Development Team

security.alpinelinux.org

cve-2023-31975

yasm

memory leak

third parties

vulnerability

security policy

unix

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

OSVersionArchitecturePackageVersionFilename
Alpine3.17-mainnoarchyasm= 1.3.0-r3UNKNOWN
Alpine3.16-mainnoarchyasm= 1.3.0-r2UNKNOWN
Alpine3.15-mainnoarchyasm= 1.3.0-r2UNKNOWN
Alpine3.14-mainnoarchyasm= 1.3.0-r2UNKNOWN
Alpineedge-communitynoarchyasm= 1.3.0-r4UNKNOWN
Alpine3.18-mainnoarchyasm= 1.3.0-r4UNKNOWN
Alpine3.19-communitynoarchyasm= 1.3.0-r4UNKNOWN
Alpine3.20-communitynoarchyasm= 1.3.0-r4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.17-main	noarch	yasm	= 1.3.0-r3	UNKNOWN
Alpine	3.16-main	noarch	yasm	= 1.3.0-r2	UNKNOWN
Alpine	3.15-main	noarch	yasm	= 1.3.0-r2	UNKNOWN
Alpine	3.14-main	noarch	yasm	= 1.3.0-r2	UNKNOWN
Alpine	edge-community	noarch	yasm	= 1.3.0-r4	UNKNOWN
Alpine	3.18-main	noarch	yasm	= 1.3.0-r4	UNKNOWN
Alpine	3.19-community	noarch	yasm	= 1.3.0-r4	UNKNOWN
Alpine	3.20-community	noarch	yasm	= 1.3.0-r4	UNKNOWN