Primary

Context

Yasm NULL Pointer Dereference Vulnerability in yasm_section_bcs_append Function

Vulnerability

A NULL pointer dereference vulnerability has been identified in Yasm commit 9defefae. The issue arises in the yasm_section_bcs_append function within section.c, where a NULL pointer is improperly handled, leading to a segmentation fault.

Impact

Exploitation of this vulnerability causes a segmentation fault, terminating the process due to an invalid memory access.

Reproduction

The vulnerability can be reproduced by building Yasm with AddressSanitizer enabled, and then running Yasm with a proof-of-concept file that triggers the NULL pointer dereference. The proof-of-concept file can be found in the 'TimChan2001/pocs' repository on GitHub.

Remediation

Users can update to the latest version of Yasm, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yasm NULL Pointer Dereference Vulnerability in yasm_section_bcs_append Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

yasm

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating