Vulnerability CVE-2021-33454: Information

Description

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Published: July 26, 2022
Modified: July 29, 2022
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
yasmsisyphus1.3.0-alt31.3.0-alt3ALT-PU-2024-9768-1352465Fixed
yasmsisyphus_riscv641.3.0-alt31.3.0-alt3ALT-PU-2024-9790-1-Fixed
yasmsisyphus_loongarch641.3.0-alt31.3.0-alt3ALT-PU-2024-9796-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d
  • Third Party Advisory
https://github.com/yasm/yasm/issues/166
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
    1. Configuration 1

      cpe:2.3:a:tortall:yasm:1.3.0:*:*:*:*:*:*:*