CVE-2018-19213Missing Release of Resource after Effective Lifetime in Netwide Assembler

CWE-772Missing Release of Resource after Effective LifetimeCWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 66.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nasm Netwide AssemblerDebian Nasm
Timeline
PublishedNov 12
Latest updateMay 13

Description

Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/nasm

🔴Vulnerability Details

2
GHSA
GHSA-77hf-ffhj-jgh3: Netwide Assembler (NASM) through 22022-05-13
OSV
CVE-2018-19213: Netwide Assembler (NASM) through 22018-11-12

📋Vendor Advisories

2
Red Hat
nasm: memory leaks in nasm_malloc in nasmlib/malloc.c2018-10-29
Debian
CVE-2018-19213: nasm - Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS,...2018

💬Community

2
Bugzilla
CVE-2018-19213 nasm: memory leaks in nasm_malloc in nasmlib/malloc.c [fedora-all]2018-11-21
Bugzilla
CVE-2018-19213 nasm: memory leaks in nasm_malloc in nasmlib/malloc.c2018-11-21