CVE-2023-51258: Missing Release of Memory after Effective Lifetime

January 18, 2024 (updated January 25, 2024)

A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.

References

github.com/hanxuer/crashes/blob/main/yasm/04/readme.md
nvd.nist.gov/vuln/detail/CVE-2023-51258

Code Behaviors & Features

Detect and mitigate CVE-2023-51258 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →