Lucene search

GoogleOSV:CVE-2023-31725

HistoryMay 17, 2023 - 3:15 p.m.

CVE-2023-31725

2023-05-1715:15:08

Google

osv.dev

yasm

version 1.3.0.55.g101bc

heap-use-after-free

expand_mmac_params

nasm-pp.c

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.

CPENameOperatorVersion
yasmeq1.3.0-2.1
yasmeq1.3.0-2.2
yasmeq1.3.0-5
yasmeq1.3.0-4
yasmeq1.3.0-3
yasmeq1.3.0-2

Name	Operator	Version
yasm	eq	1.3.0-2.1
yasm	eq	1.3.0-2.2
yasm	eq	1.3.0-5
yasm	eq	1.3.0-4
yasm	eq	1.3.0-3
yasm	eq	1.3.0-2

References

github.com/DaisyPo/fuzzing-vulncollect/tree/main/yasm/heap-use-after-free/nasm-pp.c:3878%20in%20expand_mmac_params

github.com/yasm/yasm/issues/221

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

Related for OSV:CVE-2023-31725