Lucene search
K
Yasm ProjectYasm

17 matches found

CVE
CVE
added 2023/05/09 12:0 a.m.189 views

CVE-2023-31975

CVE-2023-31975 covers a memory-leak issue in yasm v1.3.0, specifically in yasm_intnum_copy at /libyasm/intnum.c. Multiple sources note dispute whether this is a vulnerability per YASM policy. Connected advisories indicate security updates/patches exist (e.g., yasm upgrades to a patched package su...

3.3CVSS4AI score0.00467EPSS
CVE
CVE
added 2023/05/17 12:0 a.m.136 views

CVE-2023-31724

CVE-2023-31724 affects yasm 1.3.0.55.g101bc, with a segmentation violation in do_directive (nasm-pp.c). Impact is high (local access, user interaction required per CVSS data), with no vendor patch available for yasm according to the connected Nessus record. Recommend monitoring for updates; no pa...

7.8CVSS7.6AI score0.00329EPSS
CVE
CVE
added 2023/04/12 12:0 a.m.78 views

CVE-2023-29581

CVE-2023-29581 affects yasm 1.3.0.55.g101bc; a segmentation violation occurs in the delete_Token function of nasm-pp.c. The issue could make a libyasm-based application unavailable, but vendor positions indicate no security relevance due to expected input validation or sandboxing. Connected sourc...

5.5CVSS5.5AI score0.00339EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.77 views

CVE-2023-49556

CVE-2023-49556 describes a buffer overflow in YASM 1.3.0.86.g9def, exploitable via the expr_delete_term function in the libyasm/expr.c component. The vulnerability can allow a remote attacker to cause a denial of service. The provided connected documents confirm the affected product/version and t...

5.5CVSS5.4AI score0.00416EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.75 views

CVE-2023-29579

CVE-2023-29579 describes a stack overflow in yasm 1.3.0.55.g101bc via the component yasm/yasm+0x43b466 in vsprintf. Multiple connected sources confirm this technical detail, noting disputes that this may not be a security issue since yasm is a standalone program not designed for untrusted input. ...

5.5CVSS5.7AI score0.00302EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.75 views

CVE-2023-29582

CVE-2023-29582 concerns a stack overflow in yasm 1.3.0.55.g101bc triggered by the function parse_expr1 in /nasm/nasm-parse.c. The issue is explicitly described across multiple feeds as a stack overflow arising from the parse_expr1 path; several sources note that some third parties dispute this as...

5.5CVSS5.7AI score0.00345EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.75 views

CVE-2023-49555

CVE-2023-49555 affects YASM 1.3.0.86.g9def. The vulnerability resides in the NASM preprocessing path, expand_smacro in modules/preprocs/nasm/nasm-pp.c, and is described as allowing a denial of service. The CVE shows a Medium base score (5.5) with availability impact (A) High, and an attack vector...

5.5CVSS5.3AI score0.00378EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.75 views

CVE-2023-49557

CVE-2023-49557 affects YASM 1.3.0.86.g9def, exposing a denial of service via libyasm/section.c (yasm_section_bcs_first). CVSS: LOCAL, user interaction required; impact: availability loss. Connected PT-2024-2670 notes the vulnerable area is expand mmac params in nasm/nasm-pp.c and suggests a tempo...

5.5CVSS5.3AI score0.00432EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.73 views

CVE-2023-30402

CVE-2023-30402 concerns YASM v1.3.0, where a heap overflow was reported in handle_dot_label within /nasm/nasm-token.re. The issue is documented as a heap overflow, with median CVSS-like metrics indicating LOCAL attack vector, LOW privileges, user interaction required, and HIGH impact on availabil...

5.5CVSS5.7AI score0.00291EPSS
CVE
CVE
added 2025/05/29 12:0 a.m.73 views

CVE-2024-22653

CVE-2024-22653 concerns yasm with a NULL pointer dereference in yasm_section_bcs_append (section.c). The connected Nessus advisories link the issue to multiple vendors, noting that affected yasm packages in TencentOS Server 4, Unity Linux, CBL Mariner 2.0, Azure Linux, and other distributions may...

4.8CVSS7.4AI score0.00215EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.68 views

CVE-2023-49554

CVE-2023-49554 concerns YASM, specifically version 1.3.0.86.g9def, where a Use After Free in the do_directive path of modules/preprocs/nasm/nasm-pp.c can lead to denial of service. The vulnerability is described with local attack vector, low complexity, with user interaction required, and an avai...

5.5CVSS5.4AI score0.00398EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.68 views

CVE-2023-49558

CVE-2023-49558 affects YASM 1.3.0.86.g9def and is caused by the expand_mmac_params function in modules/preprocs/nasm/nasm-pp.c, which can lead to a denial of service. The vulnerability is documented across multiple sources (NVD, MSRC, OSV, Debian OSV, Ubuntu OSV, CVE listing) with the REPORTED im...

5.5CVSS5.3AI score0.00382EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.63 views

CVE-2023-29583

Vulnerability details confirm CVE-2023-29583 affects yasm in version 1.3.0.55.g101bc, with a stack overflow in the parse_expr5 function located in nasm/nasm-parse.c. The issue has been disputed by third parties as potentially non-security related since yasm is a standalone program not designed to...

6.2CVSS5.7AI score0.00287EPSS
CVE
CVE
added 2023/05/17 12:0 a.m.62 views

CVE-2023-31723

This CVE affects yasm 1.3.0.55.g101bc, where a segmentation fault occurs in the function expand_mmac_params in nasm/nasm-pp.c. The vulnerability is described across multiple sources (NVD, OSV, Nessus, PT-SEC) as a local issue with a high impact on availability (CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/...

5.5CVSS5.5AI score0.00291EPSS
CVE
CVE
added 2023/07/26 12:0 a.m.59 views

CVE-2023-37732

CVE-2023-37732 affects Yasm ; vulnerable component is the assembler library where a NULL pointer dereference in libyasm/intnum.c and /elf/elf.c enables a denial of service with a crafted file (version v1.3.0.78 ). Exploitation is described as a local vector with user interaction, per CVSS data. S...

5.5CVSS5.1AI score0.00338EPSS
CVE
CVE
added 2023/04/12 12:0 a.m.57 views

CVE-2023-29580

CVE-2023-29580 affects yasm version 1.3.0.55.g101bc, where a segmentation violation is triggered by the function yasm_expr_create in /libyasm/expr.c. The vulnerability is described across multiple feeds as a segmentation fault with local access, low attack complexity, required user interaction, a...

5.5CVSS5.4AI score0.00312EPSS
CVE
CVE
added 2023/05/17 12:0 a.m.55 views

CVE-2023-31725

Summary (CVE-2023-31725): yasm version 1.3.0.55.g101bc contains a heap-use-after-free via expand_mmac_params in yasm/modules/preprocs/nasm/nasm-pp.c. Affected component is the yasm assembler (preprocessor for NASM). Impact as per CVSS: local access with high impact on availability; no confidentia...

5.5CVSS5.5AI score0.00287EPSS