CVE-2023-29581

2023-04-1200:00:00

ubuntu.com

yasm

segmentation violation

delete_token

input validation

sandbox

cli tool crash

unix

vendor's position

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

DISPUTED yasm 1.3.0.55.g101bc has a segmentation violation in the
function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a
libyasm application could become unavailable if this were exploited, the
vendor’s position is that there is no security relevance because there is
either supposed to be input validation before data reaches libyasm, or a
sandbox in which the application runs.

Notes

Author	Note
rodrigo-zaiden	CLI tool crash only.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchyasm< anyUNKNOWN
ubuntu20.04noarchyasm< anyUNKNOWN
ubuntu22.04noarchyasm< anyUNKNOWN
ubuntu24.04noarchyasm< anyUNKNOWN
ubuntu16.04noarchyasm< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	yasm	< any	UNKNOWN
ubuntu	20.04	noarch	yasm	< any	UNKNOWN
ubuntu	22.04	noarch	yasm	< any	UNKNOWN
ubuntu	24.04	noarch	yasm	< any	UNKNOWN
ubuntu	16.04	noarch	yasm	< any	UNKNOWN