PT-2017-15020 · Netwide+2 · Netwide Assembler+2

Owl337

Published

2017-12-20

Updated

2024-06-15

CVE-2017-17815

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.14rc0

Description The issue is related to an illegal address access in the is mmacro() function located in asm/preproc.c. This could lead to a remote denial of service attack due to the lack of a check for the relationship between the minimum and maximum parameter counts.

Recommendations For Netwide Assembler (NASM) version 2.14rc0, as a temporary workaround, consider restricting access to the is mmacro() function in asm/preproc.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2017-17815

MGASA-2018-0129

OPENSUSE-SU-2024:11075-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

SUSE-SU-2020:1864-1

USN-3694-1

Affected Products

Netwide Assembler

Suse

Ubuntu

PT-2017-15020 · Netwide+2 · Netwide Assembler+2

CVE-2017-17815

Weakness Enumeration

Related Identifiers

Affected Products

References · 531