PT-2024-2674 · Yasm+2

Vorfreuder · Published 2024-01-02 · Updated 2024-04-09 · CVE-2023-49554

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

YASM version 1.3.0.86.g9def

Description

The issue is related to a Use After Free vulnerability in the do_directive() function, located in the modules/preprocs/nasm/nasm-pp.c component. This vulnerability allows a remote attacker to cause a denial of service. The vulnerability is associated with memory handling errors, which can be exploited by an attacker to disrupt service.

Recommendations

For YASM version 1.3.0.86.g9def, consider disabling the do_directive() function as a temporary workaround until a patch is available. Restrict access to the modules/preprocs/nasm/nasm-pp.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

Related Identifiers

AZL-33357
AZL-35393
BDU:2024-02783
CVE-2023-49554

Affected Products

Debian
Red Os
Yasm