CVE-2018-19209NULL Pointer Dereference in Nasm

CWE-476NULL Pointer DereferenceCWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 66.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
NasmDebian NasmNasm Netwide Assembler
Timeline
PublishedNov 12
Latest updateMay 14

Description

Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/nasm< nasm 2.14-1 (bookworm)
Debiannasm/nasm< 2.14-1+3

Patches

Patch: repo.or.czPatch: repo.or.cz

🔴Vulnerability Details

2
GHSA
GHSA-6gcr-47jj-9vwp: Netwide Assembler (NASM) 22022-05-14
OSV
CVE-2018-19209: Netwide Assembler (NASM) 22018-11-12

📋Vendor Advisories

2
Red Hat
nasm: NULL pointer dereference in find_label in asm/labels.c2018-10-28
Debian
CVE-2018-19209: nasm - Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function...2018

💬Community

2
Bugzilla
CVE-2018-19209 nasm: NULL pointer dereference in find_label in asm/labels.c2018-11-21
Bugzilla
CVE-2018-19209 nasm: NULL pointer dereference in find_label in asm/labels.c [fedora-all]2018-11-21