Summary: | dev-lang/yasm: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | ||
Whiteboard: | ?? | ||
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2022-07-29 16:44:09 UTC
CVE-2023-30402 (https://github.com/yasm/yasm/issues/206): YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.

CVE-2023-29582 (https://github.com/yasm/yasm/issues/217): yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c.

CVE-2023-29583 (https://github.com/yasm/yasm/issues/218): yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c.

CVE-2023-29579 (https://github.com/yasm/yasm/issues/214): yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf.

CVE-2023-29581 (https://github.com/yasm/yasm/issues/216): yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.

CVE-2023-29580 (https://github.com/yasm/yasm/issues/215): yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.

CVE-2023-31972 (https://github.com/yasm/yasm/issues/209): yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c.

CVE-2023-31973 (https://github.com/yasm/yasm/issues/207): yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.

CVE-2023-31974 (https://github.com/yasm/yasm/issues/208): yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.

CVE-2023-31975 (https://github.com/yasm/yasm/issues/210): yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

CVE-2023-31723 (https://github.com/yasm/yasm/issues/220): yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.

CVE-2023-31724 (https://github.com/yasm/yasm/issues/222): yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.

CVE-2023-31725 (https://github.com/yasm/yasm/issues/221): yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.

No response to upstream issues.