Use-After-Free Vulnerability in Netwide Assembler by NASM
CVE-2019-8343

7.8HIGH

Key Information:

Vendor: Nasm
Status: Netwide Assembler
Vendor: CVE Published:; 15 February 2019

What is CVE-2019-8343?

A use-after-free vulnerability exists in the paste_tokens function located in the asm/preproc.c file of Netwide Assembler (NASM) version 2.14.02. This flaw could allow an attacker to manipulate application memory using invalid pointers, potentially leading to arbitrary code execution or denial of service. Users of NASM are strongly advised to upgrade to a patched version to mitigate the risks associated with this vulnerability.

References

https://bugzilla.nasm.us/show_bug.cgi?id=3392556

https://security.gentoo.org/glsa/202312-09

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2019
Vulnerability Reserved
Feb 15, 2019

CVE-2019-8343 Data

JSON

Nasm

What is CVE-2019-8343?

References

CVSS V3.1

Timeline