oss-sec mailing list archives
Re: CVE-2023-31975: memory leak in yasm
From: Siddhesh Poyarekar <siddhesh.poyarekar () gmail com>
Date: Wed, 21 Jun 2023 13:20:37 -0400
On Tue, Jun 20, 2023 at 6:49 PM Alan Coopersmith <alan.coopersmith () oracle com> wrote:
https://nvd.nist.gov/vuln/detail/CVE-2023-31975 is freaking out scanners since it claims this bug has a CVSS of 9.8. From what I see at https://github.com/yasm/yasm/issues/210 though, I can't see any CVSS higher than 0.0 being relevant here and think the CVE should be withdrawn. Am I missing something here? All I see is 2 objects of
I wrote a SECURITY.md[1] for yasm a while back to push back on such bogus CVEs, so this CVE should actually get rejected. Sid [1] https://github.com/yasm/yasm/blob/master/SECURITY.md -- https://gotplt.org
Current thread:
- Re: CVE-2023-31975: memory leak in yasm, (continued)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Steve Grubb (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Stuart Henderson (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Jakub Wilk (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Marcus Meissner (Jun 23)