PT-2018-18689 · Netwide+1 · Netwide Assembler+1

Jun

Publicado

2018-03-20

Atualizado

2020-07-13

CVE-2018-8883

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.13.02rc2

Description The issue is related to a buffer over-read in the parse line function, located in asm/parser.c. This occurs due to uncontrolled access to nasm reg flags.

Recommendations For Netwide Assembler (NASM) version 2.13.02rc2, consider restricting access to the parse line function in asm/parser.c until a patch is available. As a temporary workaround, avoid using the nasm reg flags variable in the affected function to minimize the risk of exploitation.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2018-8883

OPENSUSE-SU-2020:0952-1

OPENSUSE-SU-2020:0954-1

OPENSUSE-SU-2020_0952-1

OPENSUSE-SU-2020_0954-1

SUSE-SU-2020:1843-1

Produtos afetados

Netwide Assembler

Suse

PT-2018-18689 · Netwide+1 · Netwide Assembler+1

CVE-2018-8883

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 71