Vorfreuder

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the `mjs getretvalpos` function in the msj.c file. **Recommendations** For Cesanta mjs version 2.20.0, consider disabling the `mjs getretvalpos` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the `mjs+0x4ec508` component. **Recommendations** For Cesanta mjs version 2.20.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the `mjs op json parse` function in the msj.c file. **Recommendations** For Cesanta mjs version 2.20.0, consider disabling the `mjs op json parse` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** An Out of Bounds Write in Cesanta mjs allows a remote attacker to cause a denial of service via the `mjs op json stringify` function in the msj.c file. **Recommendations** For Cesanta mjs version 2.20.0, consider disabling the `mjs op json stringify` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the `mjs destroy` function in the msj.c file. **Recommendations** For Cesanta mjs version 2.20.0, consider disabling the `mjs destroy` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** YASM version 1.3.0.86.g9def **Description** The issue in YASM is related to the `expand mmac params` function, which is associated with an uncontrolled consumption of resources. Exploitation of this issue may allow an attacker to cause a denial of service. The vulnerable component is located in the `modules/preprocs/nasm/nasm-pp.c` file. **Recommendations** For YASM version 1.3.0.86.g9def, consider disabling the `expand mmac params` function as a temporary workaround until a patch is available. Restrict access to the `modules/preprocs/nasm/nasm-pp.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YASM version 1.3.0.86.g9def **Description** The issue is related to a buffer overflow vulnerability in the `expr delete term()` function of the YASM assembler, which can lead to a denial of service. This vulnerability allows a remote attacker to cause a denial of service via the `expr delete term` function in the `libyasm/expr.c` component. **Recommendations** For YASM version 1.3.0.86.g9def, consider disabling the `expr delete term()` function as a temporary workaround until a patch is available. Restrict access to the `libyasm/expr.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YASM version 1.3.0.86.g9def **Description** The issue in YASM is related to the `expand smacro()` function, which can lead to uncontrolled resource consumption. This can allow a remote attacker to cause a denial of service. The vulnerable component is located in the `modules/preprocs/nasm/nasm-pp.c` file. **Recommendations** For YASM version 1.3.0.86.g9def, consider disabling the `expand smacro()` function as a temporary workaround to minimize the risk of exploitation. Restrict access to the `modules/preprocs/nasm/nasm-pp.c` component to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YASM version 1.3.0.86.g9def **Description** The issue is related to a Use After Free vulnerability in the `do directive()` function, located in the `modules/preprocs/nasm/nasm-pp.c` component. This vulnerability allows a remote attacker to cause a denial of service. The vulnerability is associated with memory handling errors, which can be exploited by an attacker to disrupt service. **Recommendations** For YASM version 1.3.0.86.g9def, consider disabling the `do directive()` function as a temporary workaround until a patch is available. Restrict access to the `modules/preprocs/nasm/nasm-pp.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.