Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 862112 (CVE-2021-33454, CVE-2021-33455, CVE-2021-33456, CVE-2021-33457, CVE-2021-33458, CVE-2021-33459, CVE-2021-33460, CVE-2021-33461, CVE-2021-33462, CVE-2021-33463, CVE-2021-33464, CVE-2021-33465, CVE-2021-33466, CVE-2021-33467, CVE-2021-33468, CVE-2023-29579, CVE-2023-29580, CVE-2023-29581, CVE-2023-29582, CVE-2023-29583, CVE-2023-30402, CVE-2023-31723, CVE-2023-31724, CVE-2023-31725, CVE-2023-31972, CVE-2023-31973, CVE-2023-31974, CVE-2023-31975) - dev-lang/yasm: multiple vulnerabilities
Summary: dev-lang/yasm: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-33454, CVE-2021-33455, CVE-2021-33456, CVE-2021-33457, CVE-2021-33458, CVE-2021-33459, CVE-2021-33460, CVE-2021-33461, CVE-2021-33462, CVE-2021-33463, CVE-2021-33464, CVE-2021-33465, CVE-2021-33466, CVE-2021-33467, CVE-2021-33468, CVE-2023-29579, CVE-2023-29580, CVE-2023-29581, CVE-2023-29582, CVE-2023-29583, CVE-2023-30402, CVE-2023-31723, CVE-2023-31724, CVE-2023-31725, CVE-2023-31972, CVE-2023-31973, CVE-2023-31974, CVE-2023-31975
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://gist.github.com/Clingto/bb632...
Whiteboard: ??
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-29 16:44 UTC by John Helmert III
Modified: 2023-05-19 02:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-25 23:46:17 UTC
CVE-2023-30402 (https://github.com/yasm/yasm/issues/206):

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.

CVE-2023-29582 (https://github.com/yasm/yasm/issues/217):

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c.

CVE-2023-29583 (https://github.com/yasm/yasm/issues/218):

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c.

CVE-2023-29579 (https://github.com/yasm/yasm/issues/214):

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf.

CVE-2023-29581 (https://github.com/yasm/yasm/issues/216):

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.

CVE-2023-29580 (https://github.com/yasm/yasm/issues/215):

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-11 04:36:48 UTC
CVE-2023-31972 (https://github.com/yasm/yasm/issues/209):

yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c.

CVE-2023-31973 (https://github.com/yasm/yasm/issues/207):

yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.

CVE-2023-31974 (https://github.com/yasm/yasm/issues/208):

yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.

CVE-2023-31975 (https://github.com/yasm/yasm/issues/210):

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-19 02:48:38 UTC
CVE-2023-31723 (https://github.com/yasm/yasm/issues/220):

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.

CVE-2023-31724 (https://github.com/yasm/yasm/issues/222):

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.

CVE-2023-31725 (https://github.com/yasm/yasm/issues/221):

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.

No response to upstream issues.