Skip to main content

Netwide Assembler CVE-2023-31722

HIGH
Out-of-bounds Write (CWE-787)
2023-05-17 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 17, 2023 - 14:15 nvd
HIGH 7.8

DescriptionNVD

There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

AnalysisAI

There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). Affected products include: Nasm Netwide Assembler.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-24978 CRITICAL POC
9.8 Sep 04

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. Rated critical severity (CVSS 9.8)

CVE-2017-10686 HIGH POC
7.8 Jun 29

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. Rated high

CVE-2019-8343 HIGH POC
7.8 Feb 15

In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. Rated high severity (CV

CVE-2018-19216 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Rated high severity (CVSS 7.8)

CVE-2018-19215 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the speci

CVE-2018-19214 HIGH POC
7.8 Nov 12

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insuffici

CVE-2018-10254 HIGH POC
7.8 Apr 21

Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Rat

CVE-2017-17818 HIGH POC
7.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service a

CVE-2017-17819 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that

CVE-2017-17815 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause

CVE-2017-17812 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c t

CVE-2017-17810 MEDIUM POC
5.5 Dec 21

In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service att

Share

CVE-2023-31722 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy