Heap Use After Free Vulnerabilities in Netwide Assembler by NASM
CVE-2017-10686

7.8HIGH

Key Information:

Vendor

Nasm

Status
Netwide Assembler
Vendor
CVE Published:
29 June 2017

What is CVE-2017-10686?

In Netwide Assembler (NASM) version 2.14rc0, multiple heap use after free vulnerabilities can be exploited. The vulnerabilities arise from the way memory is managed in the tool, particularly within the token() and detoken() functions. When heap memory allocated in token() is improperly freed in detoken(), there are risks of corrupted double-linked lists, double free or corruption scenarios, and out-of-bounds writes. These vulnerabilities heighten the potential for remote code execution attacks, posing significant security risks.

References

https://usn.ubuntu.com/3694-1/
vendor-advisoryx_refsource_UBUNTU
https://bugzilla.nasm.us/show_bug.cgi?id=3392414
x_refsource_MISC
https://security.gentoo.org/glsa/201903-19
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.