PT-2017-13308 · Netwide+2 · Netwide Assembler+2

Owl337

Published

2017-09-09

Updated

2024-06-15

CVE-2017-14228

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.14rc0

Description The issue is related to an illegal address access in the paste tokens() function in preproc.c, which can lead to a remote denial of service due to a NULL pointer dereference.

Recommendations For Netwide Assembler (NASM) version 2.14rc0, consider updating to a newer version that addresses this issue, as the current version contains a function paste tokens() that is vulnerable to a NULL pointer dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2017-14228

OPENSUSE-SU-2024:11075-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

SUSE-SU-2020:1864-1

SUSE-SU-2020_1864-1

USN-3694-1

Affected Products

Netwide Assembler

Suse

Ubuntu

PT-2017-13308 · Netwide+2 · Netwide Assembler+2

CVE-2017-14228

Weakness Enumeration

Related Identifiers

Affected Products

References · 530