CVE-2018-1000886 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Netwide Assembler

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 46.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Netwide Assembler Debian Nasm

Timeline

PublishedDec 20

Latest updateMay 14

Description

nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/nasm

▶NVDnasm/netwide_assembler2.14.01rc5, 2.15+1

🔴Vulnerability Details

GHSA

GHSA-9mxh-2hm2-fvp4: nasm version 2↗2022-05-14

▶

OSV

CVE-2018-1000886: nasm version 2↗2018-12-20

▶

📋Vendor Advisories

Red Hat

nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service↗2018-09-06

▶

Debian

CVE-2018-1000886: nasm - nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/st...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service↗2019-01-07

▶

Bugzilla

CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all]↗2019-01-07

▶