Randomssr

#12298of 53,608
22.1Total CVSS
Vulnerabilities · 4
Low
1
Medium
2
High
1
PT-2023-23547
5.5
2023-05-09
Yasm · Yasm · CVE-2023-31972
**Name of the Vulnerable Software and Affected Versions** yasm version 1.3.0 **Description** A use after free issue was discovered in the `pp getline` function at `/nasm/nasm-pp.c`. Note that multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. **Recommendations** For yasm version 1.3.0, consider disabling the `pp getline` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-23548
7.8
2023-05-09
Yasm · Yasm · CVE-2023-31973
**Name of the Vulnerable Software and Affected Versions** yasm version 1.3.0 **Description** The issue is related to a use after free via the function `expand mmac params` at `/nasm/nasm-pp.c`. Note that multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. **Recommendations** For yasm version 1.3.0, consider disabling the `expand mmac params` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-23549
5.5
2023-05-09
Yasm · Yasm · CVE-2023-31974
**Name of the Vulnerable Software and Affected Versions** yasm version 1.3.0 **Description** The issue is related to a use after free via the function `error` at `/nasm/nasm-pp.c`. Note that multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. **Recommendations** For yasm version 1.3.0, consider disabling the `error` function at `/nasm/nasm-pp.c` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-9348
3.3
2023-05-09
Yasm · Yasm · CVE-2023-31975
**Name of the Vulnerable Software and Affected Versions** yasm version 1.3.0 **Description** The issue is related to a memory leak in the yasm intnum copy function of the YASM assembler. This memory leak occurs due to the lack of memory release after its effective term of service. Exploitation of this issue could allow an attacker to cause a denial of service. **Recommendations** For yasm version 1.3.0, consider disabling the `yasm intnum copy` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.