AmazonALAS-2023-1724Medium: yasm
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
23.8%
Issue Overview:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. (CVE-2021-33454)
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. (CVE-2021-33459)
Affected Packages:
yasm
Issue Correction:
Run yum update yasm to update your system.
New Packages:
i686:
yasm-devel-1.2.0-1.5.amzn1.i686
yasm-1.2.0-1.5.amzn1.i686
yasm-debuginfo-1.2.0-1.5.amzn1.i686
src:
yasm-1.2.0-1.5.amzn1.src
x86_64:
yasm-devel-1.2.0-1.5.amzn1.x86_64
yasm-1.2.0-1.5.amzn1.x86_64
yasm-debuginfo-1.2.0-1.5.amzn1.x86_64
Additional References
Red Hat: CVE-2021-33454, CVE-2021-33459
Mitre: CVE-2021-33454, CVE-2021-33459
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | yasm-devel | < 1.2.0-1.5.amzn1 | yasm-devel-1.2.0-1.5.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | yasm | < 1.2.0-1.5.amzn1 | yasm-1.2.0-1.5.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | yasm-debuginfo | < 1.2.0-1.5.amzn1 | yasm-debuginfo-1.2.0-1.5.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | yasm-devel | < 1.2.0-1.5.amzn1 | yasm-devel-1.2.0-1.5.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | yasm | < 1.2.0-1.5.amzn1 | yasm-1.2.0-1.5.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | yasm-debuginfo | < 1.2.0-1.5.amzn1 | yasm-debuginfo-1.2.0-1.5.amzn1.x86_64.rpm |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
23.8%