CVE-2023-29581

low-risk
Published 2023-04-12

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Yasm

Affected Vendors

Yasm Project

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=2186333
https://github.com/yasm/yasm/blob/master/SECURITY.md
Exploit https://github.com/yasm/yasm/issues/216
Exploit https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md
https://bugzilla.redhat.com/show_bug.cgi?id=2186333
https://github.com/yasm/yasm/blob/master/SECURITY.md
Exploit https://github.com/yasm/yasm/issues/216
Exploit https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal