
@Clingto
Created July 22, 2022 02:16
Minimum information for the vulnerability covered by 32 CVEs.
1、For Memory Leak in mjs ES6 use:
CVE-2021-33437
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: memory leak
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, frozen_cb(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-5794-frozen_cb-memory-leak
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/160
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There are memory leaks
in frozen_cb() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
2、For Buffer Overflow in mjs ES6 use:
CVE-2021-33438
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "Vulnerability Type" field was set to:
Buffer Overflow
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, json_parse_array(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-5fb78-json_parse_array-stack-overflow
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/158
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is stack buffer
overflow in json_parse_array() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
3、For NULL pointer dereference in mjs ES6 use:
CVE-2021-33439
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in gc_compact_strings() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "Vulnerability Type" field was set to:
NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, gc_compact_strings(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-8d05d-gc_compact_strings-negative-size-param
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/159
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is Integer
overflow in gc_compact_strings() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
4、For NULL pointer dereference in mjs ES6 (github issue 163) use:
CVE-2021-33440
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_bcode_commit(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-7954-mjs_bcode_commit-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/163
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in mjs_bcode_commit() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------
5、For NULL pointer dereference in mjs ES6 (github issue 165) use:
CVE-2021-33441
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, exec_expr(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-9035-exec_expr-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/165
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in exec_expr() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
6、For NULL pointer dereference in mjs ES6 (github issue 161) use:
CVE-2021-33442
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, json_printf(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-6368-json_printf-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/161
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in json_printf() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
7、For NULL pointer dereference in mjs ES6 (github issue 167) use:
CVE-2021-33443
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_execute(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-9522-mjs_execute-stack-overflow
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/167
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is stack buffer
overflow in mjs_execute() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
8、For NULL pointer dereference in mjs ES6 (github issue 166) use:
CVE-2021-33444
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, getprop_builtin_foreign(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-9187-getprop_builtin_foreign-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/166
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in getprop_builtin_foreign() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
9、For NULL pointer dereference in mjs ES6 (github issue 169) use:
CVE-2021-33445
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_string_char_code_at(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-13891-mjs_string_char_code_at-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/169
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in mjs_string_char_code_at() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
10、For NULL pointer dereference in mjs ES6 (github issue 168) use:
CVE-2021-33446
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_next(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-12318-mjs_next-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/168
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in mjs_next() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
11、For NULL pointer dereference in mjs ES6 (github issue 164) use:
CVE-2021-33447
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_print(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-7992-mjs_print-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/164
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in mjs_print() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
12、For Buffer Overflow in mjs ES6 (github issue 170) use:
CVE-2021-33448
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.
Additional Information:
⌛ ⬤ The cveform.mitre.org "Vulnerability Type" field was set to:
Buffer Overflow
⬤ The cveform.mitre.org "Affected Component" field was set to:
<unknown module>, at 0x7fffe9049390, mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-module-stack-overflow
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/170
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is stack buffer
overflow at 0x7fffe9049390.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
13、For NULL pointer dereference in mjs ES6 (github issue 162) use:
CVE-2021-33449
Suggested Description:
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
mjs.c, mjs_bcode_part_get_by_offset(), mjs.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-7945-mjs_bcode_part_get_by_offset-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/cesanta/mjs/issues/162
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/cesanta/mjs
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: mjs ES6 (JavaScript version 6)
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in mjs (mJS: Restricted JavaScript
engine), ES6 (JavaScript version 6). There is NULL pointer
dereference in mjs_bcode_part_get_by_offset() in mjs.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
14、For memory leak in NASM 2.16rc0 (id=3392758) use:
CVE-2021-33450
Suggested Description:
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: memory leak
⬤ The cveform.mitre.org "Affected Component" field was set to:
nasmlib/alloc.c, nasm_calloc(), nasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/nasm/nasm-nasm_calloc-1255
⬤ The cveform.mitre.org "Reference" field was set to:
https://bugzilla.nasm.us/show_bug.cgi?id=3392758
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/netwide-assembler/nasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: NASM 2.16rc0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in NASM version 2.16rc0. There
are memory leaks in nasm_calloc() in nasmlib/alloc.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
15、For memory leak in lrzip 0.641 use:
CVE-2021-33451
Suggested Description:
An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: memory leak
⬤ The cveform.mitre.org "Affected Component" field was set to:
stream.c:1538, fill_buffer(), lrzip.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/lrzip/lrzip-561-fill_buffer-memory-leak
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/ckolivas/lrzip/issues/198
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/ckolivas/lrzip
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: lrzip 0.641
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in lrzip version 0.641. There are
memory leaks in fill_buffer() in stream.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
16、For memory leak in NASM 2.16rc0 (id=3392757) use:
CVE-2021-33452
Suggested Description:
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: memory leak
⬤ The cveform.mitre.org "Affected Component" field was set to:
nasmlib/alloc.c, nasm_malloc(), nasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/nasm/nasm-preproc-4646-nasm_malloc-memory-leak
⬤ The cveform.mitre.org "Reference" field was set to:
https://bugzilla.nasm.us/show_bug.cgi?id=3392757
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/netwide-assembler/nasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: NASM 2.16rc0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in NASM version 2.16rc0. There
are memory leaks in nasm_malloc() in nasmlib/alloc.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
17、For use-after-free in lrzip 0.641 use:
CVE-2021-33453
Suggested Description:
An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: use-after-free
⬤ The cveform.mitre.org "Affected Component" field was set to:
stream.c, ucompthread(), lrzip.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/lrzip/lrzip-602-ucompthread-UAF
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/ckolivas/lrzip/issues/199
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/ckolivas/lrzip
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: lrzip 0.641
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in lrzip version 0.641. There is
a use-after-free in ucompthread() in stream.c:1538.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
18、For NULL pointer dereference in YASM 1.3.0 (github issue 166) use:
CVE-2021-33454
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
libyasm/expr.c, yasm_expr_get_intnum(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-1377-yasm_expr_get_intnum-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/166
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in yasm_expr_get_intnum() in
libyasm/expr.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
19、For NULL pointer dereference in YASM 1.3.0 (github issue 169) use:
CVE-2021-33455
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, do_directive(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-2352-do_directive-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/169
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in do_directive() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
20、For NULL pointer dereference in YASM 1.3.0 (github issue 175) use:
CVE-2021-33456
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, hash(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-1114-hash-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/175
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in hash() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
21、For NULL pointer dereference in YASM 1.3.0 (github issue 171) use:
CVE-2021-33457
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, expand_mmac_params(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-3857-expand_mmac_params-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/171
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in expand_mmac_params() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
22、For NULL pointer dereference in YASM 1.3.0 (github issue 170) use:
CVE-2021-33458
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, find_cc(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-3811-find_cc-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/170
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in find_cc() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
23、For NULL pointer dereference in YASM 1.3.0 (github issue 167) use:
CVE-2021-33459
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/parsers/nasm/nasm-parse.c, nasm_parser_directive(),
yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-1595-nasm_parser_directive-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/167
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in nasm_parser_directive() in
modules/parsers/nasm/nasm-parse.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
24、For NULL pointer dereference in YASM 1.3.0 (github issue 168) use:
CVE-2021-33460
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, if_condition(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-2134-if_condition-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/168
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in if_condition() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
25、For use-after-free in YASM 1.3.0 (github issue 161) use:
CVE-2021-33461
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: use-after-free
⬤ The cveform.mitre.org "Affected Component" field was set to:
libyasm/intnum.c, yasm_intnum_destroy(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-415-yasm_intnum_destroy-UAF
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/161
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
26、For use-after-free in YASM 1.3.0 (github issue 165) use:
CVE-2021-33462
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: use-after-free
⬤ The cveform.mitre.org "Affected Component" field was set to:
libyasm/expr.c, expr_traverse_nodes_post(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-1226-expr_traverse_nodes_post-UAF
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/165
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
use-after-free in expr_traverse_nodes_post() in
libyasm/expr.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
27、For NULL pointer dereference in YASM 1.3.0 (github issue 174) use:
CVE-2021-33463
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
libyasm/expr.c, yasm_expr__copy_except(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-1113-yasm_expr__copy_except-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/174
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in yasm_expr__copy_except() in
libyasm/expr.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
28、For heap buffer overflow in YASM 1.3.0 (github issue 164) use:
CVE-2021-33464
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "Vulnerability Type" field was set to:
Buffer Overflow
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, inc_fopen(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-7306d-inc_fopen-heap-buffer-overflow
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/164
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
heap-buffer-overflow in inc_fopen() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
29、For NULL pointer dereference in YASM 1.3.0 (github issue 173) use:
CVE-2021-33465
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, expand_mmacro(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-4760-expand_mmacro-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/173
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in expand_mmacro() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
30、For NULL pointer dereference in YASM 1.3.0 (github issue 172) use:
CVE-2021-33466
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: NULL pointer dereference
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, expand_smacro(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-4352-expand_smacro-null-pointer-deref
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/172
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in expand_smacro() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
31、For use-after-free in YASM 1.3.0 (github issue 163) use:
CVE-2021-33467
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: use-after-free
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, pp_getline(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-5020-pp_getline-UAF
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/163
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
use-after-free in pp_getline() in
modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
-----------------------------------------------------------------------------------
32、For use-after-free in YASM 1.3.0 (github issue 162) use:
CVE-2021-33468
Suggested Description:
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
Additional Information:
⌛ ⬤ The cveform.mitre.org "VulnerabilityType Other" field was set
to: use-after-free
⬤ The cveform.mitre.org "Affected Component" field was set to:
modules/preprocs/nasm/nasm-pp.c, error(), yasm.
⬤ The cveform.mitre.org "Attack Type" field was set to: Local
⬤ The cveform.mitre.org "Impact Denial of Service" field was
set to: true
⬤ The cveform.mitre.org "Attack Vectors" field was set to: To
exploit vulnerability, someone must open a crafted file, like
https://github.com/Clingto/POC/blob/master/MSA/yasm/yasm-4826-error-UAF
⬤ The cveform.mitre.org "Reference" field was set to:
https://github.com/yasm/yasm/issues/162
⬤ The cveform.mitre.org "Vendor of Product" field was set to:
https://github.com/yasm/yasm
⬤ The cveform.mitre.org "Affected Product Code Base" field was
set to: YASM 1.3.0
⬤ The cveform.mitre.org "Suggested description" field was set
to: An issue was discovered in yasm version 1.3.0. There is a
use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
⛹ The cveform.mitre.org 1001319 submission was from:
cfenicey@gmail.com
---------------------------------------------------------------
Please do not hesitate to contact the CVE Team by replying to this email if you have any questions, or to provide more details.
Please do not change the subject line, which allows us to effectively track your request.
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html]
{CMI: MCID12019014}