CVE-2018-16999 — Out-of-bounds Write in Nasm

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Debian Nasm Nasm Netwide Assembler

Timeline

PublishedSep 13

Latest updateMay 13

Description

Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDnasm/netwide_assembler12.14

▶debiandebian/nasm< nasm 2.14-1 (bookworm)

▶Debiannasm/nasm< 2.14-1+3

🔴Vulnerability Details

GHSA

GHSA-2rh6-gmp4-qfj9: Netwide Assembler (NASM) 2↗2022-05-13

▶

OSV

CVE-2018-16999: Netwide Assembler (NASM) 2↗2018-09-13

▶

📋Vendor Advisories

Red Hat

nasm: Invalid memory write (segmentation fault) in expand_smacro in preproc.c↗2018-09-13

▶

Debian

CVE-2018-16999: nasm - Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation faul...↗2018

▶

💬Community

Bugzilla

CVE-2018-16999 nasm: Invalid memory write (segmentation fault) in expand_smacro in preproc.c↗2018-09-17

▶

Bugzilla

CVE-2018-16999 nasm: Invalid memory write (segmentation fault) in expand_smacro in preproc.c [fedora-all]↗2018-09-17

▶