CVE-2019-6291

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) versions prior to 2.14.03

Description A stack exhaustion problem exists due to the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. This could allow remote attackers to cause a denial-of-service via a crafted asm file.

Recommendations For versions prior to 2.14.03, update to version 2.14.03 or later to resolve the issue. As a temporary workaround, consider restricting the use of the expr6 function in eval.c to minimize the risk of exploitation. Avoid using crafted asm files that could trigger the recursive calls until the issue is resolved.