CVE-2019-6290

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) versions prior to 2.14.03

Description An infinite recursion issue was found in the functions expr, rexp, bexpr, and cexpr in certain scenarios involving lots of '{' characters, resulting in a stack exhaustion problem. This could be leveraged by remote attackers to cause a denial-of-service via a crafted asm file.

Recommendations For versions prior to 2.14.03, update to version 2.14.03 or later to resolve the issue. As a temporary workaround, consider restricting the use of the expr, rexp, bexpr, and cexpr functions in scenarios involving lots of '{' characters to minimize the risk of exploitation.