Bug 2256608 (CVE-2023-49556) - CVE-2023-49556 yasm: remote attacker to cause a denial of service via the expr_delete_term
Summary: CVE-2023-49556 yasm: remote attacker to cause a denial of service via the exp...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-49556
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2256609 2256610
Blocks: 2256599
Reported: 2024-01-03 11:20 UTC by Rohit Keshri
Modified: 2024-03-19 12:34 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-01-23 13:32:10 UTC
Embargoed:



Description Rohit Keshri 2024-01-03 11:20:34 UTC
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

https://github.com/yasm/yasm/issues/250

Comment 1 Rohit Keshri 2024-01-03 11:22:25 UTC
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2256609]
Affects: fedora-all [bug 2256610]

Comment 3 Nick Clifton 2024-01-16 11:44:42 UTC
I have filed a dispute for this CVE based upon the fact that it does not meet the criteria for a security vulnerability as established by the yasm project's security.md file:

https://redhat.service-now.com/help?id=rh_ticket&table=incident&sys_id=91e8cf21db6b759433c345e8139619c6

Please could ProdSec respond?

Comment 4 Rohit Keshri 2024-01-18 14:32:20 UTC
Thank you for sharing this information with us.
CVE-2023-49556
├─ State:	PUBLISHED
└─ Owning CNA:	mitre

Since this CVE is not assigned by Red Hat, we are working on this.

