yasm
Products
1- 36 CVEs
Recent CVEs
36| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31724 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c. | ||
| CVE-2023-51258 | Med | 0.36 | 5.5 | 0.00 | Jan 18, 2024 | A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. | ||
| CVE-2023-49558 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2024 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||
| CVE-2023-49557 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2024 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. | ||
| CVE-2023-49556 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2024 | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||
| CVE-2023-49555 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2024 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | ||
| CVE-2023-49554 | Med | 0.36 | 5.5 | 0.00 | Jan 3, 2024 | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | ||
| CVE-2023-37732 | Med | 0.36 | 5.5 | 0.00 | Jul 26, 2023 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | ||
| CVE-2023-31725 | Med | 0.36 | 5.5 | 0.00 | May 17, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. | ||
| CVE-2023-31723 | Med | 0.36 | 5.5 | 0.00 | May 17, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. | ||
| CVE-2023-31973 | Med | 0.36 | 5.5 | 0.00 | May 9, 2023 | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | ||
| CVE-2023-31974 | Med | 0.36 | 5.5 | 0.00 | May 9, 2023 | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | ||
| CVE-2023-31972 | Med | 0.36 | 5.5 | 0.00 | May 9, 2023 | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | ||
| CVE-2023-30402 | Med | 0.36 | 5.5 | 0.00 | Apr 25, 2023 | YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. | ||
| CVE-2023-29583 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted… | ||
| CVE-2023-29582 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted… | ||
| CVE-2023-29579 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted… | ||
| CVE-2023-29581 | Med | 0.36 | 5.5 | 0.00 | Apr 12, 2023 | yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is… | ||
| CVE-2023-29580 | Med | 0.36 | 5.5 | 0.00 | Apr 12, 2023 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | ||
| CVE-2021-33468 | Med | 0.36 | 5.5 | 0.00 | Jul 26, 2022 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. |
- risk 0.51cvss 7.8epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.
- risk 0.36cvss 5.5epss 0.00
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
- risk 0.36cvss 5.5epss 0.00
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
- risk 0.36cvss 5.5epss 0.00
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
- risk 0.36cvss 5.5epss 0.00
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.
- risk 0.36cvss 5.5epss 0.00
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.
- risk 0.36cvss 5.5epss 0.00
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
- risk 0.36cvss 5.5epss 0.00
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.
- risk 0.36cvss 5.5epss 0.00
yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- risk 0.36cvss 5.5epss 0.00
yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- risk 0.36cvss 5.5epss 0.00
yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- risk 0.36cvss 5.5epss 0.00
YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted…
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted…
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted…
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is…
- risk 0.36cvss 5.5epss 0.00
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.
- risk 0.36cvss 5.5epss 0.00
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.