PT-2024-2670 · Yasm+2 · Yasm+2

Vorfreuder · Published 2024-01-02 · Updated 2024-04-09 · CVE-2023-49558

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

YASM version 1.3.0.86.g9def

Description

The issue in YASM is related to the expand_mmac_params function, which is associated with an uncontrolled consumption of resources. Exploitation of this issue may allow an attacker to cause a denial of service. The vulnerable component is located in the modules/preprocs/nasm/nasm-pp.c file.

Recommendations

For YASM version 1.3.0.86.g9def, consider disabling the expand_mmac_params function as a temporary workaround until a patch is available. Restrict access to the modules/preprocs/nasm/nasm-pp.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-33358
AZL-35386
BDU:2024-02779
CVE-2023-49558

Affected Products

Debian
Red Os
Yasm