Lucene search

[email protected]CVE-2023-29581

HistoryApr 12, 2023 - 4:15 p.m.

CVE-2023-29581

2023-04-1216:15:19

[email protected]

web.nvd.nist.gov

yasm

segmentation violation

delete_token

cve-2023-29581

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

JSON

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor’s position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

Affected configurations

NVD

Node

yasm_projectyasmMatch1.3.0.55.g101bc

CPENameOperatorVersion
yasm_project:yasmyasm project yasmeq1.3.0.55.g101bc

CPE	Name	Operator	Version
yasm_project:yasm	yasm project yasm	eq	1.3.0.55.g101bc

References

bugzilla.redhat.com/show_bug.cgi?id=2186333

github.com/yasm/yasm/blob/master/SECURITY.md

github.com/yasm/yasm/issues/216

github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

JSON

Related for CVE-2023-29581

ubuntucve1 prion1 debiancve1 cvelist1 redhatcve1 nvd1