Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. https://github.com/yasm/yasm/issues/249
Created yasm tracking bugs for this issue: Affects: epel-all [bug 2256615] Affects: fedora-all [bug 2256616]
I have filed a dispute for this CVE based upon the fact that it does not meet the criteria for a security vulnerability as established by the yasm project's security.md file: https://redhat.service-now.com/help?id=rh_ticket&table=incident&sys_id=91e8cf21db6b759433c345e8139619c6 Please could ProdSec respond ?
Thank you for sharing this information with us. CVE-2023-49554 ├─ State: PUBLISHED └─ Owning CNA: mitre Since this CVE is not assigned by Red Hat, we are working on this.