CVE-2017-17820

Published: Dec 21, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

Affected (2)

Products: Nasm: Netwide Assembler · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasm Netwide Assembler	Version 2.14 rc0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://bugzilla.nasm.us/show_bug.cgi?id=3392433

Source: cve@mitre.org

ExploitIssue TrackingThird Party AdvisoryVDB Entry

https://usn.ubuntu.com/3694-1/

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.nasm.us/show_bug.cgi?id=3392433

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party AdvisoryVDB Entry

https://usn.ubuntu.com/3694-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.