CVE-2017-11111: Improper Restriction of Operations within the Bounds of a Memory Buffer in Nasm

Severity
7.8 HIGH (NVD)
NVD: 5.5
EPSS
0.4%
top 39.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 8
Latest update: May 14

Description

In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/nasm < nasm 2.13.02-0.1 (bookworm)
Debian: nasm/nasm < 2.13.02-0.1+3

Also affects: Ubuntu Linux 14.04

🔴 Vulnerability Details (4)

GHSA
GHSA-f6m7-4f5c-h7x7: In Netwide Assembler (NASM) 2 (2022-05-14)
GHSA
GHSA-cg73-5gq4-h5xr: In Netwide Assembler (NASM) 2 (2022-05-14)
OSV
CVE-2017-17811: In Netwide Assembler (NASM) 2 (2017-12-21)
OSV
CVE-2017-11111: In Netwide Assembler (NASM) 2 (2017-07-08)

📋 Vendor Advisories (5)

Ubuntu
NASM vulnerabilities (2018-06-28)
Red Hat
nasm: Heap-based buffer overflow in paste_tokens function in asm/preproc.c (2017-12-21)
Red Hat
nasm: Heap buffer overflow in the preproc.c (2017-06-24)
Debian
CVE-2017-11111: nasm - In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause ... (2017)
Debian
CVE-2017-17811: nasm - In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that ... (2017)

💬 Community (3)

Bugzilla
CVE-2017-17811 nasm: Heap-based buffer overflow in paste_tokens function in asm/preproc.c (2017-12-27)
Bugzilla
CVE-2017-10686 CVE-2017-11111 nasm: various flaws [fedora-all] (2017-07-19)
Bugzilla
CVE-2017-11111 nasm: Heap buffer overflow in the preproc.c (2017-07-19)