CVE-2018-19755

Published: Nov 30, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

Affected (1)

Products: Nasm: Netwide Assembler

Nasm

1 product

Netwide Assembler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasm Netwide Assembler	Version 12.14 rc16

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://bugzilla.nasm.us/show_bug.cgi?id=3392528

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb

Source: cve@mitre.org

ExploitThird Party Advisory

https://bugzilla.nasm.us/show_bug.cgi?id=3392528

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.