Bug 2186333 (CVE-2023-29581) - CVE-2023-29581 yasm: segmentation violation in delete_Token() in modules/preprocs/nasm/nasm-pp.c
Summary: CVE-2023-29581 yasm: segmentation violation in delete_Token() in modules/prep...
Status: NEW
Alias: CVE-2023-29581
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 2186334 2186335 2186869 2186870
Blocks: 2186336
TreeView+ depends on / blocked
Reported: 2023-04-12 21:23 UTC by Pedro Sampaio
Modified: 2024-03-22 12:00 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2023-04-12 21:23:43 UTC
yasm was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.


Comment 1 Pedro Sampaio 2023-04-12 21:24:03 UTC
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2186335]
Affects: fedora-all [bug 2186334]

Comment 4 Siddhesh Poyarekar 2023-04-14 17:50:19 UTC
Why is this a security issue? Assemblers are not a service and shouldn't be required to accept untrusted input.

Comment 5 Pedro Sampaio 2023-04-14 21:09:27 UTC
As far as I can see, this CVE was not assigned by us, but by Mitre and since it was published, we have to file the bug nonetheless. Any requests to reject this CVE ID have to be directed to Mitre via cveform:


Comment 8 Dominik 'Rathann' Mierzejewski 2024-03-22 12:00:46 UTC
Thanks for the link, rejection request sent.

Note You need to log in before you can comment on or make changes to this bug.