CVE-2023-31975 - OpenCVE

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yasm Project	Yasm

Configuration 1 [-]

cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/06/20/6
http://www.openwall.com/lists/oss-security/2023/06/21/10
http://www.openwall.com/lists/oss-security/2023/06/21/13
http://www.openwall.com/lists/oss-security/2023/06/21/2
http://www.openwall.com/lists/oss-security/2023/06/21/5
http://www.openwall.com/lists/oss-security/2023/06/21/7
http://www.openwall.com/lists/oss-security/2023/06/21/8
http://www.openwall.com/lists/oss-security/2023/06/21/9
http://www.openwall.com/lists/oss-security/2023/06/22/1
http://www.openwall.com/lists/oss-security/2023/06/22/3
http://www.openwall.com/lists/oss-security/2023/06/22/6
http://www.openwall.com/lists/oss-security/2023/06/23/1
http://www.openwall.com/lists/oss-security/2023/06/23/2
http://www.openwall.com/lists/oss-security/2023/06/23/4
http://www.openwall.com/lists/oss-security/2023/06/23/8
http://www.openwall.com/lists/oss-security/2023/06/23/9
http://www.openwall.com/lists/oss-security/2023/06/24/1
https://github.com/yasm/yasm/issues/210

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-09T00:00:00

Updated: 2024-08-02T15:03:28.703Z

Reserved: 2023-04-29T00:00:00

Link: CVE-2023-31975

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-09T13:15:18.590

Modified: 2024-08-02T15:16:16.990

Link: CVE-2023-31975

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-31975", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:03:28.703Z", "dateReserved": "2023-04-29T00:00:00", "datePublished": "2023-05-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-16T21:41:28.172763"}, "descriptions": [{"lang": "en", "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/yasm/yasm/issues/210"}, {"name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"}, {"name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"}, {"name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"}, {"name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:03:28.703Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/yasm/yasm/issues/210", "tags": ["x_transferred"]}, {"name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"}, {"name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"}, {"name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"}, {"name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"}, {"name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"}, {"name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD6556F7-3880-452A-ABA9-1A8A14BA41F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."}], "id": "CVE-2023-31975", "lastModified": "2024-08-02T15:16:16.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-09T13:15:18.590", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/yasm/yasm/issues/210"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}