Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity
9.3 CRITICAL (NVD)
NVD 6.8 | OSV 6.8
EPSS
2.9%
top 13.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 16
Latest update: May 14

Description

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD | nasm/netwide_assembler | 2.03.01 +1
debian | debian/nasm | < nasm 2.03.01-1 (bookworm)
Debian | nasm/nasm | < 2.03.01-1 +3

🔴 Vulnerability Details (4)

GHSA
GHSA-wx92-p8m2-phh4: Buffer overflow in the listing module in Netwide Assembler (NASM) before 2 | 2022-05-14
GHSA
GHSA-p426-497v-jr36: Off-by-one error in the ppscan function (preproc | 2022-05-01
OSV
CVE-2008-7177: Buffer overflow in the listing module in Netwide Assembler (NASM) before 2 | 2009-09-08
OSV
CVE-2008-2719: Off-by-one error in the ppscan function (preproc | 2008-06-16

💥 Exploits & PoCs (1)

Exploit-DB
NASM 2.0 - 'ppscan()' Off-by-One Buffer Overflow | 2008-06-21

📋 Vendor Advisories (5)

Ubuntu
nasm vulnerability | 2008-09-30
Red Hat
nasm: off-by-one error in the ppscan function | 2008-04-14
Debian
CVE-2008-2719: nasm - Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) ... | 2008
Debian
CVE-2008-7177: nasm - Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01... | 2008
Red Hat
nasm: listing module buffer overflow

💬 Community (2)

Bugzilla
CVE-2008-7177 nasm: listing module buffer overflow | 2009-09-10
Bugzilla
CVE-2008-2719 nasm: off-by-one error in the ppscan function | 2008-06-18