PT-2017-11747 · Nasm+2 · Netwide Assembler+2

Owl337

·

Published

2017-07-08

·

Updated

2024-06-15

·

CVE-2017-11111

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.14rc0
Description The issue allows remote attackers to cause a denial of service, which can lead to a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved by using a crafted file.
Recommendations For Netwide Assembler (NASM) version 2.14rc0, consider avoiding the use of crafted files that could trigger the heap-based buffer overflow until a patch is available. As a temporary workaround, restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-11111
DLA-1041-1
MGASA-2017-0294
OPENSUSE-SU-2024:11075-1
SUSE-SU-2017:2044-1
SUSE-SU-2019:14246-1
SUSE-SU-2019_14246-1
USN-3694-1

Affected Products

Netwide Assembler
Suse
Ubuntu