Bug 1218520 (CVE-2023-49557) - VUL-0: CVE-2023-49557: yasm: denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
Summary: VUL-0: CVE-2023-49557: yasm: denial of service via the yasm_section_bcs_first...
Status: RESOLVED WONTFIX
Alias: CVE-2023-49557
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Adam Majer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/389898/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-49557:5.0:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-03 16:25 UTC by SMASH SMASH
Modified: 2024-01-04 11:05 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-01-03 16:25:27 UTC 
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49557
https://github.com/yasm/yasm/issues/253
Comment 3 Andrea Mattiazzo 2024-01-04 10:16:32 UTC 
As agreed, closed as wontfix
Comment 4 Andrea Mattiazzo 2024-01-04 11:05:13 UTC 
Just to add more info, closed as wontfix due to the context of yasm tool: an attacker could directly insert malicious code in the input file, there is no additional value gathered from exploiting the vulnerability creating an ad-hoc input file.