PT-2018-9519 · Netwide Assembler+2 · Nasm+2

Situlingyun

Published

2018-09-06

Updated

2020-07-31

CVE-2018-1000667

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions NASM versions 2.14rc15 and earlier

Description The issue is related to a memory corruption that occurs when handling a crafted file, specifically due to the function assemble file(inname, depend ptr) at asm/nasm.c:482. This can result in the NASM program crashing. The attack appears to be exploitable via a specially crafted asm file.

Recommendations For NASM versions 2.14rc15 and earlier, consider avoiding the use of the assemble file(inname, depend ptr) function until a patch is available. As a temporary workaround, restrict the handling of crafted asm files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2018-2953

CVE-2018-1000667

MGASA-2020-0303

OPENSUSE-SU-2020:0952-1

OPENSUSE-SU-2020:0954-1

OPENSUSE-SU-2020_0952-1

OPENSUSE-SU-2020_0954-1

SUSE-SU-2020:1843-1

Affected Products

Alt Linux

Nasm

Suse

PT-2018-9519 · Netwide Assembler+2 · Nasm+2

CVE-2018-1000667

Weakness Enumeration

Related Identifiers

Affected Products

References · 49