Bug 2186333 (CVE-2023-29581)

Summary: CVE-2023-29581 yasm: segmentation violation in delete_Token() in modules/preprocs/nasm/nasm-pp.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: fjansen, nickc, sipoyare
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2186334, 2186335, 2186869, 2186870    
Bug Blocks: 2186336    

Description Pedro Sampaio 2023-04-12 21:23:43 UTC 
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.

References:
https://github.com/yasm/yasm/issues/216
https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md
Comment 1 Pedro Sampaio 2023-04-12 21:24:03 UTC 
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2186335]
Affects: fedora-all [bug 2186334]
Comment 4 Siddhesh Poyarekar 2023-04-14 17:50:19 UTC 
Why is this a security issue? Assemblers are not a service and shouldn't be required to accept untrusted input.
Comment 5 Pedro Sampaio 2023-04-14 21:09:27 UTC 
As far as I can see, this CVE was not assigned by us, but by Mitre and since it was published, we have to file the bug nonetheless. Any requests to reject this CVE ID have to be directed to Mitre via cveform:

https://cveform.mitre.org/
Comment 8 Dominik 'Rathann' Mierzejewski 2024-03-22 12:00:46 UTC 
Thanks for the link, rejection request sent.