PT-2018-1574 · Netwide+1 · Netwide Assembler+1

Rookie

Publicado

2018-09-13

Atualizado

2020-07-31

CVE-2018-16999

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.14rc15

Description The issue is related to an invalid memory write in the expand smacro function in preproc.c, which can cause a denial of service. This is due to errors in memory deallocation. Attackers can exploit this by providing a crafted input file, leading to a segmentation fault. The estimated number of potentially affected devices is not specified.

Recommendations For Netwide Assembler (NASM) version 2.14rc15, consider avoiding the use of the expand smacro function in preproc.c until a patch is available. As a temporary workaround, restrict the input files to prevent crafted files from being processed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-404

Identificadores relacionados

BDU:2018-01131

CVE-2018-16999

MGASA-2020-0303

OPENSUSE-SU-2020:0952-1

OPENSUSE-SU-2020:0954-1

OPENSUSE-SU-2020_0952-1

OPENSUSE-SU-2020_0954-1

SUSE-SU-2020:1843-1

Produtos afetados

Netwide Assembler

Suse

PT-2018-1574 · Netwide+1 · Netwide Assembler+1

CVE-2018-16999

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 50