CVE-2017-17812Out-of-bounds Read in Nasm

CWE-125Out-of-bounds Read8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 58.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
NasmDebian NasmCanonical Ubuntu Linux+1 more
Timeline
PublishedDec 21
Latest updateMay 13

Description

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/nasm< nasm 2.13.02-0.1 (bookworm)
Debiannasm/nasm< 2.13.02-0.1+3

Also affects: Ubuntu Linux 14.04

Patches

Patch: repo.or.czPatch: repo.or.cz

🔴Vulnerability Details

2
GHSA
GHSA-8rq5-cphq-cc83: In Netwide Assembler (NASM) 22022-05-13
OSV
CVE-2017-17812: In Netwide Assembler (NASM) 22017-12-21

📋Vendor Advisories

3
Ubuntu
NASM vulnerabilities2018-06-28
Red Hat
nasm: Heap-based buffer over-read in detoken function in asm/preproc.c2017-12-21
Debian
CVE-2017-17812: nasm - In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in t...2017

💬Community

2
Bugzilla
CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 nasm: various flaws [fedora-all]2017-12-27
Bugzilla
CVE-2017-17812 nasm: Heap-based buffer over-read in detoken function in asm/preproc.c2017-12-27