oss-sec mailing list archives

Re: CVE-2023-31975: memory leak in yasm


From: Siddhesh Poyarekar <siddhesh.poyarekar () gmail com>
Date: Wed, 21 Jun 2023 13:20:37 -0400

On Tue, Jun 20, 2023 at 6:49 PM Alan Coopersmith
<alan.coopersmith () oracle com> wrote:

https://nvd.nist.gov/vuln/detail/CVE-2023-31975 is freaking out scanners
since it claims this bug has a CVSS of 9.8.

From what I see at https://github.com/yasm/yasm/issues/210 though, I can't
see any CVSS higher than 0.0 being relevant here and think the CVE should
be withdrawn.  Am I missing something here?  All I see is 2 objects of

I wrote a SECURITY.md[1] for yasm a while back to push back on such
bogus CVEs, so this CVE should actually get rejected.

Sid

[1] https://github.com/yasm/yasm/blob/master/SECURITY.md

-- 
https://gotplt.org

