Memory leak in yasm - CVE-2023-31975
Published: February 2, 2024
Vulnerability identifier: #VU86048
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-31975
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
yasm
yasm
Software vendor:
www.tortall.net
www.tortall.net
Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the yasm_intnum_copy() function in /libyasm/intnum.c. A remote attacker can trick the victim to open a specially crafted file and perform denial of service attack.
Remediation
Install updates from vendor's website.
External links
- https://github.com/yasm/yasm/issues/210
- http://www.openwall.com/lists/oss-security/2023/06/20/6
- http://www.openwall.com/lists/oss-security/2023/06/21/2
- http://www.openwall.com/lists/oss-security/2023/06/21/7
- http://www.openwall.com/lists/oss-security/2023/06/21/8
- http://www.openwall.com/lists/oss-security/2023/06/21/5
- http://www.openwall.com/lists/oss-security/2023/06/21/9
- http://www.openwall.com/lists/oss-security/2023/06/21/10
- http://www.openwall.com/lists/oss-security/2023/06/21/13
- http://www.openwall.com/lists/oss-security/2023/06/22/1
- http://www.openwall.com/lists/oss-security/2023/06/22/3
- http://www.openwall.com/lists/oss-security/2023/06/22/6
- http://www.openwall.com/lists/oss-security/2023/06/23/1
- http://www.openwall.com/lists/oss-security/2023/06/23/2
- http://www.openwall.com/lists/oss-security/2023/06/23/4
- http://www.openwall.com/lists/oss-security/2023/06/23/9
- http://www.openwall.com/lists/oss-security/2023/06/23/8
- http://www.openwall.com/lists/oss-security/2023/06/24/1