Bug 2256611 (CVE-2023-49554) - CVE-2023-49554 yasm: remote attacker cause a denial of service via the do_directive function
Summary: CVE-2023-49554 yasm: remote attacker cause a denial of service via the do_dir...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-49554
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2256615 2256616
Blocks: 2256599
TreeView+ depends on / blocked
 
Reported: 2024-01-03 11:25 UTC by Rohit Keshri
Modified: 2024-03-19 12:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
Clone Of:
Environment:
Last Closed: 2024-01-23 13:32:11 UTC
Embargoed:


Attachments (Terms of Use)

Description Rohit Keshri 2024-01-03 11:25:10 UTC
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

https://github.com/yasm/yasm/issues/249

Comment 1 Rohit Keshri 2024-01-03 11:28:07 UTC
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2256615]
Affects: fedora-all [bug 2256616]

Comment 3 Nick Clifton 2024-01-16 11:42:54 UTC
I have filed a dispute for this CVE based upon the fact that it does not meet the criteria for a security vulnerability as established by the yasm project's security.md file:

https://redhat.service-now.com/help?id=rh_ticket&table=incident&sys_id=91e8cf21db6b759433c345e8139619c6

Please could ProdSec respond ?

Comment 4 Rohit Keshri 2024-01-18 14:31:20 UTC
Thank you for sharing this information with us.
CVE-2023-49554
├─ State:	PUBLISHED
└─ Owning CNA:	mitre

Since this CVE is not assigned by Red Hat, we are working on this.


Note You need to log in before you can comment on or make changes to this bug.