Heap-Based Buffer Over-Read in Netwide Assembler Affects Remote Service Availability
CVE-2017-17818

7.5HIGH

Key Information:

Vendor: Nasm
Status: Netwide Assembler
Vendor: CVE Published:; 21 December 2017

What is CVE-2017-17818?

In version 2.14rc0 of Netwide Assembler (NASM), a heap-based buffer over-read occurs due to insufficient validation in the paste_tokens function within asm/preproc.c. This vulnerability can be exploited to orchestrate a remote denial of service attack, potentially destabilizing the application and affecting service availability for users.

References

https://usn.ubuntu.com/3694-1/

vendor-advisoryx_refsource_UBUNTU

https://bugzilla.nasm.us/show_bug.cgi?id=3392428

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2017
Vulnerability Reserved
Dec 20, 2017

CVE-2017-17818 Data

JSON

Nasm

What is CVE-2017-17818?

References

CVSS V3.1

Timeline