CVE-2018-10254

Published: Apr 21, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

Affected (1)

Products: Nasm: Netwide Assembler

1 product

Netwide Assembler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasm Netwide Assembler	Version 2.13

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html

Source: cve@mitre.org

https://sourceforge.net/p/nasm/bugs/561/

Source: cve@mitre.org

ExploitThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceforge.net/p/nasm/bugs/561/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.