Heap-Based Buffer Over-Read in Netwide Assembler by NASM
CVE-2019-20352

7.1HIGH

Key Information:

Vendor: Nasm
Status: Netwide Assembler
Vendor: CVE Published:; 6 January 2020

What is CVE-2019-20352?

A heap-based buffer over-read vulnerability exists in Netwide Assembler (NASM) 2.15rc0. This issue arises when a specially crafted .asm file is processed, leading to an overflow effect in the set_text_free function. The vulnerability can be exploited through the expand_one_smacro function in the asm/preproc.c module, potentially allowing an attacker to manipulate memory retrieval processes.

References

https://bugzilla.nasm.us/show_bug.cgi?id=3392636

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2020
Vulnerability Reserved
Jan 6, 2020

CVE-2019-20352 Data

JSON

Nasm

What is CVE-2019-20352?

References

CVSS V3.1

Timeline