AZL-26166

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-26166.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-26166

Upstream

CVE-2023-29581

Published

2023-04-12T16:15:19Z

Modified

2026-04-21T04:23:30.830085Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-29581 affecting package yasm 1.3.0-17

Details

yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-29581

Affected packages

Azure Linux:2 / yasm

Package

Name: yasm
Purl: pkg:rpm/azure-linux/yasm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.0-17

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-26166.json"