Vulnerabilities > CVE-2023-30402 - Out-of-bounds Write vulnerability in Yasm Project Yasm 1.3.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

yasm-project

CWE-787

NVD

Published: 2023-04-25

Updated: 2024-08-02

Summary

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Vulnerable Configurations

Part	Description	Count
Application	Yasm_Project Yasm Project Yasm 1.3.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/yasm/yasm/issues/206