CVE-2023-29581

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29581

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29581.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-29581

Published

2023-04-12T16:15:19Z

Modified

2025-07-03T02:09:08.519349Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

References

Affected packages

Debian:11 / yasm

Package

Name: yasm
Purl: pkg:deb/debian/yasm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-2.1

1.3.0-2.2

1.3.0-3

1.3.0-4

1.3.0-5

1.3.0-6

1.3.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / yasm

Package

Name: yasm
Purl: pkg:deb/debian/yasm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-4

1.3.0-5

1.3.0-6

1.3.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / yasm

Package

Name: yasm
Purl: pkg:deb/debian/yasm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-4

1.3.0-5

1.3.0-6

1.3.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}