Bug 2256600 (CVE-2023-49558) - CVE-2023-49558 YASM: allows a remote attacker to cause a denial of service via the expand_mmac_params
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-49558
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2256601 2256602
Blocks: 2256599
Reported: 2024-01-03 11:09 UTC by Rohit Keshri
Modified: 2024-03-19 12:33 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-01-23 13:31:23 UTC
Embargoed:



Description Rohit Keshri 2024-01-03 11:09:32 UTC
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

https://github.com/yasm/yasm/issues/252

Comment 1 Rohit Keshri 2024-01-03 11:10:59 UTC
Created yasm tracking bugs for this issue:

Affects: epel-all [bug 2256601]
Affects: fedora-all [bug 2256602]

Comment 3 Nick Clifton 2024-01-16 11:46:00 UTC
I have filed a dispute for this CVE based upon the fact that it does not meet the criteria for a security vulnerability as established by the yasm project's security.md file:

https://redhat.service-now.com/help?id=rh_ticket&table=incident&sys_id=91e8cf21db6b759433c345e8139619c6

Please could ProdSec respond?

Comment 4 Rohit Keshri 2024-01-18 14:28:59 UTC
Thank you for sharing this information with us.
~~~
CVE-2023-49558
├─ State:	PUBLISHED
└─ Owning CNA:	mitre
~~~

Since this CVE is not assigned by Red Hat, we are working on this.

