Skip to main content

Netwide Assembler CVE-2018-1000667

MEDIUM
Buffer Overflow (CWE-119)
2018-09-06 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 06, 2018 - 17:29 nvd
MEDIUM 5.5

DescriptionNVD

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..

AnalysisAI

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. Affected products include: Nasm Netwide Assembler. Version information: version 2.14.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2020-24978 CRITICAL POC
9.8 Sep 04

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. Rated critical severity (CVSS 9.8)

CVE-2017-10686 HIGH POC
7.8 Jun 29

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. Rated high

CVE-2023-31722 HIGH POC
7.8 May 17

There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). Rated high severity (CVSS 7.8), this vu

CVE-2019-8343 HIGH POC
7.8 Feb 15

In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. Rated high severity (CV

CVE-2018-19216 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Rated high severity (CVSS 7.8)

CVE-2018-19215 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the speci

CVE-2018-19214 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insuffici

CVE-2018-10254 HIGH POC
7.8 Apr 21

Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Rat

CVE-2017-17818 HIGH POC
7.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service a

CVE-2017-17819 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that

CVE-2017-17815 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause

CVE-2017-17812 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c t

Share

CVE-2018-1000667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy