Vulnerability Description
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yasm Project | Yasm | 1.3.0.55.g101bc |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2189601#c3
- https://github.com/yasm/yasm/issues/217ExploitIssue Tracking
- https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/reaExploit
- https://bugzilla.redhat.com/show_bug.cgi?id=2189601#c3
- https://github.com/yasm/yasm/issues/217ExploitIssue Tracking
- https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/reaExploit
FAQ
What is CVE-2023-29582?
CVE-2023-29582 is a vulnerability with a CVSS score of 5.5 (MEDIUM). yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a secu...
How severe is CVE-2023-29582?
CVE-2023-29582 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29582?
Check the references section above for vendor advisories and patch information. Affected products include: Yasm Project Yasm.