PT-2024-2673 · Yasm+2 · Yasm+2

Vorfreuder · Published 2024-01-02 · Updated 2025-06-17 · CVE-2023-49555

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

YASM version 1.3.0.86.g9def

Description

The issue in YASM is in the expand_smacro() function and can lead to uncontrolled resource consumption, which can allow a remote attacker to cause a denial of service. The vulnerable component is located in the modules/preprocs/nasm/nasm-pp.c file.

Recommendations

For YASM version 1.3.0.86.g9def, consider disabling the expand_smacro() function as a temporary workaround to minimize the risk of exploitation. Restrict access to the modules/preprocs/nasm/nasm-pp.c component to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

AZL-33356
AZL-35389
BDU:2024-02782
CVE-2023-49555

Affected Products

Debian
Red Os
Yasm