CVE-2017-10686: Use After Free in Nasm

CWE-416: Use After Free | 11 documents | 8 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.5% (top 36.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 29 | Latest update May 14

Description

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/nasm < nasm 2.13.02-0.1 (bookworm)
Debian: nasm/nasm < 2.13.02-0.1+3

Also affects: Ubuntu Linux 14.04

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-vppv-9vcp-9fcg: In Netwide Assembler (NASM) 2 (2022-05-14)
OSV: CVE-2017-10686: In Netwide Assembler (NASM) 2 (2017-06-29)

📋 Vendor Advisories (4)

Red Hat: nasm: use-after-free in detoken at asm/preproc.c (2018-08-28)
Ubuntu: NASM vulnerabilities (2018-06-28)
Red Hat: nasm: Use-after-free in the detoken() function (2017-06-24)
Debian: CVE-2017-10686: nasm - In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vuln... (2017)

📄 Research Papers (1)

arXiv: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities (2020-08-17)

💬 Community (3)

Bugzilla: CVE-2018-19216 nasm: use-after-free in detoken at asm/preproc.c (2018-11-21)
Bugzilla: CVE-2017-10686 nasm: Use-after-free in the detoken() function (2017-07-19)
Bugzilla: CVE-2017-10686 CVE-2017-11111 nasm: various flaws [fedora-all] (2017-07-19)