17 matches found
CVE-2023-31975
CVE-2023-31975 covers a memory-leak issue in yasm v1.3.0, specifically in yasm_intnum_copy at /libyasm/intnum.c. Multiple sources note dispute whether this is a vulnerability per YASM policy. Connected advisories indicate security updates/patches exist (e.g., yasm upgrades to a patched package su...
CVE-2023-31724
CVE-2023-31724 affects yasm 1.3.0.55.g101bc, with a segmentation violation in do_directive (nasm-pp.c). Impact is high (local access, user interaction required per CVSS data), with no vendor patch available for yasm according to the connected Nessus record. Recommend monitoring for updates; no pa...
CVE-2023-29581
CVE-2023-29581 affects yasm 1.3.0.55.g101bc; a segmentation violation occurs in the delete_Token function of nasm-pp.c. The issue could make a libyasm-based application unavailable, but vendor positions indicate no security relevance due to expected input validation or sandboxing. Connected sourc...
CVE-2023-49556
CVE-2023-49556 describes a buffer overflow in YASM 1.3.0.86.g9def, exploitable via the expr_delete_term function in the libyasm/expr.c component. The vulnerability can allow a remote attacker to cause a denial of service. The provided connected documents confirm the affected product/version and t...
CVE-2023-29579
CVE-2023-29579 describes a stack overflow in yasm 1.3.0.55.g101bc via the component yasm/yasm+0x43b466 in vsprintf. Multiple connected sources confirm this technical detail, noting disputes that this may not be a security issue since yasm is a standalone program not designed for untrusted input. ...
CVE-2023-29582
CVE-2023-29582 concerns a stack overflow in yasm 1.3.0.55.g101bc triggered by the function parse_expr1 in /nasm/nasm-parse.c. The issue is explicitly described across multiple feeds as a stack overflow arising from the parse_expr1 path; several sources note that some third parties dispute this as...
CVE-2023-49555
CVE-2023-49555 affects YASM 1.3.0.86.g9def. The vulnerability resides in the NASM preprocessing path, expand_smacro in modules/preprocs/nasm/nasm-pp.c, and is described as allowing a denial of service. The CVE shows a Medium base score (5.5) with availability impact (A) High, and an attack vector...
CVE-2023-49557
CVE-2023-49557 affects YASM 1.3.0.86.g9def, exposing a denial of service via libyasm/section.c (yasm_section_bcs_first). CVSS: LOCAL, user interaction required; impact: availability loss. Connected PT-2024-2670 notes the vulnerable area is expand mmac params in nasm/nasm-pp.c and suggests a tempo...
CVE-2023-30402
CVE-2023-30402 concerns YASM v1.3.0, where a heap overflow was reported in handle_dot_label within /nasm/nasm-token.re. The issue is documented as a heap overflow, with median CVSS-like metrics indicating LOCAL attack vector, LOW privileges, user interaction required, and HIGH impact on availabil...
CVE-2024-22653
CVE-2024-22653 concerns yasm with a NULL pointer dereference in yasm_section_bcs_append (section.c). The connected Nessus advisories link the issue to multiple vendors, noting that affected yasm packages in TencentOS Server 4, Unity Linux, CBL Mariner 2.0, Azure Linux, and other distributions may...
CVE-2023-49554
CVE-2023-49554 concerns YASM, specifically version 1.3.0.86.g9def, where a Use After Free in the do_directive path of modules/preprocs/nasm/nasm-pp.c can lead to denial of service. The vulnerability is described with local attack vector, low complexity, with user interaction required, and an avai...
CVE-2023-49558
CVE-2023-49558 affects YASM 1.3.0.86.g9def and is caused by the expand_mmac_params function in modules/preprocs/nasm/nasm-pp.c, which can lead to a denial of service. The vulnerability is documented across multiple sources (NVD, MSRC, OSV, Debian OSV, Ubuntu OSV, CVE listing) with the REPORTED im...
CVE-2023-29583
Vulnerability details confirm CVE-2023-29583 affects yasm in version 1.3.0.55.g101bc, with a stack overflow in the parse_expr5 function located in nasm/nasm-parse.c. The issue has been disputed by third parties as potentially non-security related since yasm is a standalone program not designed to...
CVE-2023-31723
This CVE affects yasm 1.3.0.55.g101bc, where a segmentation fault occurs in the function expand_mmac_params in nasm/nasm-pp.c. The vulnerability is described across multiple sources (NVD, OSV, Nessus, PT-SEC) as a local issue with a high impact on availability (CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/...
CVE-2023-37732
CVE-2023-37732 affects Yasm ; vulnerable component is the assembler library where a NULL pointer dereference in libyasm/intnum.c and /elf/elf.c enables a denial of service with a crafted file (version v1.3.0.78 ). Exploitation is described as a local vector with user interaction, per CVSS data. S...
CVE-2023-29580
CVE-2023-29580 affects yasm version 1.3.0.55.g101bc, where a segmentation violation is triggered by the function yasm_expr_create in /libyasm/expr.c. The vulnerability is described across multiple feeds as a segmentation fault with local access, low attack complexity, required user interaction, a...
CVE-2023-31725
Summary (CVE-2023-31725): yasm version 1.3.0.55.g101bc contains a heap-use-after-free via expand_mmac_params in yasm/modules/preprocs/nasm/nasm-pp.c. Affected component is the yasm assembler (preprocessor for NASM). Impact as per CVSS: local access with high impact on availability; no confidentia...