Vulnerabilities > CVE-2023-29583 - Out-of-bounds Write vulnerability in Yasm Project Yasm 1.3.0.55.G101Bc

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

yasm-project

CWE-787

NVD

Published: 2023-04-24

Updated: 2024-08-02

Summary

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Vulnerable Configurations

Part	Description	Count
Application	Yasm_Project Yasm Project Yasm 1.3.0.55.G101Bc	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/yasm/yasm/issues/218
https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr5/readme.md