Bug 2256605 (CVE-2023-49557) - CVE-2023-49557 YASM: remote attacker to cause a denial of service via the yasm_section_bcs_first
Summary: CVE-2023-49557 YASM: remote attacker to cause a denial of service via the yas...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-49557
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2256606 2256607
Blocks: 2256599
TreeView+ depends on / blocked
 
Reported: 2024-01-03 11:17 UTC by Rohit Keshri
Modified: 2024-03-19 12:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
Clone Of:
Environment:
Last Closed: 2024-01-23 13:31:42 UTC
Embargoed:


Attachments (Terms of Use)

Description Rohit Keshri 2024-01-03 11:17:57 UTC
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

https://github.com/yasm/yasm/issues/253

Comment 1 Rohit Keshri 2024-01-03 11:18:43 UTC
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2256606]
Affects: fedora-all [bug 2256607]

Comment 3 Nick Clifton 2024-01-16 11:45:23 UTC
I have filed a dispute for this CVE based upon the fact that it does not meet the criteria for a security vulnerability as established by the yasm project's security.md file:

https://redhat.service-now.com/help?id=rh_ticket&table=incident&sys_id=91e8cf21db6b759433c345e8139619c6

Please could ProdSec respond ?

Comment 4 Rohit Keshri 2024-01-18 14:33:30 UTC
Thank you for sharing this information with us.
CVE-2023-49557
├─ State:	PUBLISHED
└─ Owning CNA:	mitre

Since this CVE is not assigned by Red Hat, we are working on this.


Note You need to log in before you can comment on or make changes to this bug.