Heap-based Buffer Over-read in Netwide Assembler by NASM
CVE-2018-19215

7.8 HIGH

Key Information:

Vendor: Nasm
CVE Published: 12 November 2018

What is CVE-2018-19215?

The Netwide Assembler (NASM) version 2.14rc16 has a heap-based buffer over-read in the function expand_mmac_params in asm/preproc.c. The over-read is triggered by specific character inputs, including %, $, and !, and could let an attacker exploit the system in unforeseen ways. The flaw could compromise data integrity or application behavior, so users should be aware of this security concern. The CVSS vector on this page rates the attack vector as Local with user interaction required.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved