CVE-2018-16517

Published: Sep 6, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

Affected (16)

Products: Nasm: Netwide Assembler

1 product

Netwide Assembler

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Nasm Netwide Assembler	Up to 2.13.03
Nasm Netwide Assembler	Version 2.14.0 rc10
Nasm Netwide Assembler	Version 2.14.0 rc11
Nasm Netwide Assembler	Version 2.14.0 rc12
Nasm Netwide Assembler	Version 2.14.0 rc13
Nasm Netwide Assembler	Version 2.14.0 rc14
Nasm Netwide Assembler	Version 2.14.0 rc1
Nasm Netwide Assembler	Version 2.14.0 rc2
Nasm Netwide Assembler	Version 2.14.0 rc3
Nasm Netwide Assembler	Version 2.14.0 rc4
Nasm Netwide Assembler	Version 2.14.0 rc5
Nasm Netwide Assembler	Version 2.14.0 rc6
Nasm Netwide Assembler	Version 2.14.0 rc7
Nasm Netwide Assembler	Version 2.14.0 rc8
Nasm Netwide Assembler	Version 2.14.0 rc9
Nasm Netwide Assembler	Version 2.14 rc15

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://bugzilla.nasm.us/show_bug.cgi?id=3392513

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://fakhrizulkifli.github.io/CVE-2018-16517.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/46726/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://bugzilla.nasm.us/show_bug.cgi?id=3392513

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://fakhrizulkifli.github.io/CVE-2018-16517.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/46726/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.