CVE-2023-30402

Опубликовано: 25 апр. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.

Ссылки

https://github.com/yasm/yasm/issues/206
Exploit
Issue Tracking
Third Party Advisory
https://github.com/yasm/yasm/issues/206
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-787

Связанные уязвимости

CVE-2023-30402

CVSS3: 5.5

ubuntu

почти 3 года назад

CVE-2023-30402

CVSS3: 5.5

debian

почти 3 года назад

YASM v1.3.0 was discovered to contain a heap overflow via the function ...

GHSA-vfgv-q9rw-8wc7

CVSS3: 5.5

github

почти 3 года назад

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.

EPSS

Процентиль: 8%

0.00029

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-787