Vulnerabilities > CVE-2023-29581 - Unspecified vulnerability in Yasm Project Yasm 1.3.0.55.G101Bc

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

yasm-project

NVD

Published: 2023-04-12

Updated: 2024-08-02

Summary

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

Vulnerable Configurations

Part	Description	Count
Application	Yasm_Project Yasm Project Yasm 1.3.0.55.G101Bc	1

References

https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md
https://github.com/yasm/yasm/issues/216
https://bugzilla.redhat.com/show_bug.cgi?id=2186333
https://github.com/yasm/yasm/blob/master/SECURITY.md