PT-2017-15024 · Netwide+2 · Netwide Assembler+2
Owl337
·
Published
2017-12-20
·
Updated
2024-06-15
·
CVE-2017-17819
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Netwide Assembler (NASM) version 2.14rc0
Description
The issue is related to an illegal address access in the
find cc() function located in asm/preproc.c. This access can lead to a remote denial of service attack. The cause is attributed to the lack of validation of pointers associated with skip white calls.Recommendations
For Netwide Assembler (NASM) version 2.14rc0, consider disabling the
find cc() function as a temporary workaround until a patch is available. Restrict access to the asm/preproc.c module to minimize the risk of exploitation. Avoid using the skip white calls in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netwide Assembler
Suse
Ubuntu