CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yasm_project:yasm:1.3.0.55.g101bc:*:*:*:*:*:*:*

History

14 May 2024, 12:55

Type Values Removed Values Added
Summary (en) yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. (en) yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
References
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2189601#c3 -

05 May 2023, 18:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 5.5

03 May 2023, 14:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CWE CWE-787
CPE cpe:2.3:a:yasm_project:yasm:1.3.0.55.g101bc:*:*:*:*:*:*:*
References (MISC) https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md - (MISC) https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md - Exploit
References (MISC) https://github.com/yasm/yasm/issues/217 - (MISC) https://github.com/yasm/yasm/issues/217 - Exploit, Issue Tracking

24 Apr 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-24 13:15

Updated : 2024-08-02 15:15


NVD link : CVE-2023-29582

Mitre link : CVE-2023-29582

CVE.ORG link : CVE-2023-29582


JSON object : View

Products Affected

yasm_project

  • yasm
CWE
CWE-787

Out-of-bounds Write