PT-2017-15024 · Netwide+2 · Netwide Assembler+2
Owl337
·
Publicado
2017-12-20
·
Atualizado
2024-06-15
·
CVE-2017-17819
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Netwide Assembler (NASM) version 2.14rc0
Description
The issue is related to an illegal address access in the
find cc() function located in asm/preproc.c. This access can lead to a remote denial of service attack. The cause is attributed to the lack of validation of pointers associated with skip white calls.Recommendations
For Netwide Assembler (NASM) version 2.14rc0, consider disabling the
find cc() function as a temporary workaround until a patch is available. Restrict access to the asm/preproc.c module to minimize the risk of exploitation. Avoid using the skip white calls in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netwide Assembler
Suse
Ubuntu