CVE-2022-44370

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netwide Assembler (NASM) version 2.16

Description The issue is related to a heap buffer overflow in the quote for pmake() function of the Netwide Assembler (NASM). This overflow can occur due to the operation exceeding the memory buffer boundaries. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations For Netwide Assembler (NASM) version 2.16, consider disabling the quote for pmake() function as a temporary workaround until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2023-1613

ALT-PU-2024-16552

ALT-PU-2024-16908

AZL-25934

BDU:2023-02141

CVE-2022-44370

OESA-2023-1245

Affected Products

Alt Linux

Debian

Netwide Assembler

CVE-2022-44370

Weakness Enumeration

Related Identifiers

Affected Products

References · 19