PT-2018-1574 · Netwide+1 · Netwide Assembler+1

Rookie

Published

2018-09-13

Updated

2020-07-31

CVE-2018-16999

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.14rc15

Description The issue is related to an invalid memory write in the expand smacro function in preproc.c, which can cause a denial of service. This is due to errors in memory deallocation. Attackers can exploit this by providing a crafted input file, leading to a segmentation fault. The estimated number of potentially affected devices is not specified.

Recommendations For Netwide Assembler (NASM) version 2.14rc15, consider avoiding the use of the expand smacro function in preproc.c until a patch is available. As a temporary workaround, restrict the input files to prevent crafted files from being processed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-404

Related Identifiers

BDU:2018-01131

CVE-2018-16999

MGASA-2020-0303

OPENSUSE-SU-2020:0952-1

OPENSUSE-SU-2020:0954-1

OPENSUSE-SU-2020_0952-1

OPENSUSE-SU-2020_0954-1

SUSE-SU-2020:1843-1

Affected Products

Netwide Assembler

Suse

PT-2018-1574 · Netwide+1 · Netwide Assembler+1

CVE-2018-16999

Weakness Enumeration

Related Identifiers

Affected Products

References · 50