PT-2023-11598 · Nasm +2 · Nasm +2
Suhwan
·
Published
2023-08-22
·
Updated
2024-12-08
·
CVE-2020-21686
CVSS v3.1
5.5
5.5
Medium
| Base vector | Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
nasm versions prior to 2.15.04
Description:
A stack-use-after-scope issue was discovered in the `expand mmac params` function in preproc.c, allowing remote attackers to cause a denial of service via a crafted asm file. This issue affects the `nasm` software and can be exploited by sending a specially crafted file to the affected system.
Recommendations:
For versions prior to 2.15.04, update to version 2.15.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the `preproc.c` component or the `expand mmac params` function until a patch is available.
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
ALT-PU-2024-16552
CVE-2020-21686
Affected Products
Alt Linux
Astra Linux
Nasm
References · 34
- 🔥 https://bugzilla.nasm.us/show_bug.cgi?id=3392643 · Exploit
- https://osv.dev/vulnerability/CVE-2020-21686 · Vendor Advisory
- https://ubuntu.com/security/CVE-2020-21686 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6291 · Security Note
- https://bdu.fstec.ru/vul/2023-05881 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2020-21686 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14248 · Security Note
- https://cve.org/CVERecord?id=CVE-2020-21686 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8343 · Security Note
- https://osv.dev/vulnerability/UBUNTU-CVE-2020-21686 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6290 · Security Note
- https://security-tracker.debian.org/tracker/CVE-2020-21686 · Vendor Advisory
- https://bdu.fstec.ru/vul/2023-02141 · Security Note
- https://errata.altlinux.org/ALT-PU-2024-16552 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20334 · Security Note