cvelistv5 - CVE-2023-31975

CVE-2023-31975 (GCVE-0-2023-31975)

Vulnerability from cvelistv5

Published

2023-05-09 00:00

Modified

2025-01-29 18:28

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Summary

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

References

URL

Tags

cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/20/6	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/10	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/13	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/5	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/7	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/8	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/9	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/3	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/6	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/4	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/8	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/9	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/24/1	Mailing List, Third Party Advisory
cve@mitre.org	https://github.com/yasm/yasm/issues/210	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/20/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/10	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/13	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/7	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/24/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/yasm/yasm/issues/210	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/yasm/yasm/issues/210"
          },
          {
            "name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
          },
          {
            "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
          },
          {
            "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
          },
          {
            "name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31975",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T18:25:29.327733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T18:28:03.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T21:41:28.172Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/yasm/yasm/issues/210"
        },
        {
          "name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
        },
        {
          "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
        },
        {
          "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
        },
        {
          "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
        },
        {
          "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
        },
        {
          "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
        },
        {
          "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
        },
        {
          "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
        },
        {
          "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
        },
        {
          "name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31975",
    "datePublished": "2023-05-09T00:00:00.000Z",
    "dateReserved": "2023-04-29T00:00:00.000Z",
    "dateUpdated": "2025-01-29T18:28:03.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-31975\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-05-09T13:15:18.590\",\"lastModified\":\"2025-01-29T19:15:17.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6556F7-3880-452A-ABA9-1A8A14BA41F3\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/20/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/24/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/yasm/yasm/issues/210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/20/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/21/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/22/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/23/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/24/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/yasm/yasm/issues/210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-16T21:41:28.172Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.\"}], \"tags\": [\"disputed\"], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"version\": \"n/a\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"https://github.com/yasm/yasm/issues/210\"}, {\"name\": \"[oss-security] 20230620 CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/20/6\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/2\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/7\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/10\"}, {\"name\": \"[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/5\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/8\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/9\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/13\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/1\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/3\"}, {\"name\": \"[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/6\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/2\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/1\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/4\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/8\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/9\"}, {\"name\": \"[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/24/1\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"n/a\"}]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:03:28.703Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/yasm/yasm/issues/210\", \"tags\": [\"x_transferred\"]}, {\"name\": \"[oss-security] 20230620 CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/20/6\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/2\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/7\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/10\"}, {\"name\": \"[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/5\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/8\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/9\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/21/13\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/1\"}, {\"name\": \"[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/3\"}, {\"name\": \"[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/22/6\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/2\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/1\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/4\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/8\"}, {\"name\": \"[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/23/9\"}, {\"name\": \"[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm\", \"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"http://www.openwall.com/lists/oss-security/2023/06/24/1\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31975\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T18:25:29.327733Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T18:27:57.249Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2023-31975\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2025-01-29T18:28:03.588Z\", \"dateReserved\": \"2023-04-29T00:00:00.000Z\", \"datePublished\": \"2023-05-09T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2023-31975

Vulnerability from fkie_nvd

Published

2023-05-09 13:15

Modified

2025-01-29 19:15

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/20/6	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/10	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/13	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/5	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/7	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/8	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/21/9	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/3	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/22/6	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/4	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/8	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/23/9	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2023/06/24/1	Mailing List, Third Party Advisory
cve@mitre.org	https://github.com/yasm/yasm/issues/210	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/20/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/10	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/13	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/7	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/21/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/22/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/23/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/24/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/yasm/yasm/issues/210	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	yasm_project	yasm	1.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6556F7-3880-452A-ABA9-1A8A14BA41F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
    }
  ],
  "id": "CVE-2023-31975",
  "lastModified": "2025-01-29T19:15:17.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-05-09T13:15:18.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/yasm/yasm/issues/210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/yasm/yasm/issues/210"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

msrc_cve-2023-31975

Vulnerability from csaf_microsoft

Published

2023-05-01 00:00

Modified

2024-06-30 07:00

Summary

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-31975 yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-31975.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.",
    "tracking": {
      "current_release_date": "2024-06-30T07:00:00.000Z",
      "generator": {
        "date": "2025-10-20T00:26:38.246Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-31975",
      "initial_release_date": "2023-05-01T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-05-12T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 yasm 1.3.0-16",
                "product": {
                  "name": "\u003cazl3 yasm 1.3.0-16",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 yasm 1.3.0-16",
                "product": {
                  "name": "azl3 yasm 1.3.0-16",
                  "product_id": "18417"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccm1 yasm 1.3.0-14",
                "product": {
                  "name": "\u003ccm1 yasm 1.3.0-14",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 yasm 1.3.0-14",
                "product": {
                  "name": "cm1 yasm 1.3.0-14",
                  "product_id": "17890"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 yasm 1.3.0-14",
                "product": {
                  "name": "\u003ccbl2 yasm 1.3.0-14",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 yasm 1.3.0-14",
                "product": {
                  "name": "cbl2 yasm 1.3.0-14",
                  "product_id": "17891"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 yasm 1.3.0-14",
                "product": {
                  "name": "\u003cazl3 yasm 1.3.0-14",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 yasm 1.3.0-14",
                "product": {
                  "name": "azl3 yasm 1.3.0-14",
                  "product_id": "17892"
                }
              }
            ],
            "category": "product_name",
            "name": "yasm"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 yasm 1.3.0-16 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 yasm 1.3.0-16 as a component of Azure Linux 3.0",
          "product_id": "18417-17084"
        },
        "product_reference": "18417",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 yasm 1.3.0-14 as a component of CBL Mariner 1.0",
          "product_id": "16820-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 yasm 1.3.0-14 as a component of CBL Mariner 1.0",
          "product_id": "17890-16820"
        },
        "product_reference": "17890",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 yasm 1.3.0-14 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 yasm 1.3.0-14 as a component of CBL Mariner 2.0",
          "product_id": "17891-17086"
        },
        "product_reference": "17891",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 yasm 1.3.0-14 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 yasm 1.3.0-14 as a component of Azure Linux 3.0",
          "product_id": "17892-17084"
        },
        "product_reference": "17892",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-31975",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18417-17084",
          "17890-16820",
          "17891-17086",
          "17892-17084"
        ],
        "known_affected": [
          "17084-1",
          "16820-4",
          "17086-3",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-31975 yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-31975.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-12T00:00:00.000Z",
          "details": "1.3.0-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1",
            "16820-4",
            "17086-3",
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 3.3,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "17084-1",
            "16820-4",
            "17086-3",
            "17084-2"
          ]
        }
      ],
      "title": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
    }
  ]
}

ghsa-g56w-fm5h-cwrp

Vulnerability from github

Published

2023-05-09 15:30

Modified

2024-04-04 03:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-31975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-09T13:15:18Z",
    "severity": "LOW"
  },
  "details": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.",
  "id": "GHSA-g56w-fm5h-cwrp",
  "modified": "2024-04-04T03:55:33Z",
  "published": "2023-05-09T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31975"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/210"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-31975

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

Aliases

CVE-2023-31975

Aliases

CVE-2023-31975

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-31975",
    "id": "GSD-2023-31975"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-31975"
      ],
      "details": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.",
      "id": "GSD-2023-31975",
      "modified": "2023-12-13T01:20:29.591766Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-31975",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/yasm/yasm/issues/210",
            "refsource": "MISC",
            "url": "https://github.com/yasm/yasm/issues/210"
          },
          {
            "name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
          },
          {
            "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
          },
          {
            "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
          },
          {
            "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
          },
          {
            "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
          },
          {
            "name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=1.3.0",
          "affected_versions": "Version 1.3.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-401",
            "CWE-937"
          ],
          "date": "2023-06-22",
          "description": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.",
          "fixed_versions": [],
          "identifier": "CVE-2023-31975",
          "identifiers": [
            "CVE-2023-31975"
          ],
          "not_impacted": "",
          "package_slug": "conan/yasm",
          "pubdate": "2023-05-09",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Missing Release of Memory after Effective Lifetime",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31975",
            "https://github.com/yasm/yasm/issues/210"
          ],
          "uuid": "13052c16-706a-42af-84de-ab732b8c8e3a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2023-31975"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-401"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/yasm/yasm/issues/210",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking"
              ],
              "url": "https://github.com/yasm/yasm/issues/210"
            },
            {
              "name": "[oss-security] 20230620 CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/7"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/8"
            },
            {
              "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/5"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/9"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1"
            },
            {
              "name": "[oss-security] 20230621 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3"
            },
            {
              "name": "[oss-security] 20230622 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/22/6"
            },
            {
              "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/23/1"
            },
            {
              "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/23/2"
            },
            {
              "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/23/4"
            },
            {
              "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/23/9"
            },
            {
              "name": "[oss-security] 20230623 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/23/8"
            },
            {
              "name": "[oss-security] 20230624 Re: CVE-2023-31975: memory leak in yasm",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/24/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-07-05T19:01Z",
      "publishedDate": "2023-05-09T13:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-31975 (GCVE-0-2023-31975)

Vulnerability from cvelistv5

fkie_cve-2023-31975

Vulnerability from fkie_nvd

msrc_cve-2023-31975

Vulnerability from csaf_microsoft

ghsa-g56w-fm5h-cwrp

Vulnerability from github

gsd-2023-31975

Vulnerability from gsd

Tags

Sightings

Nomenclature