CVE-2018-19755 — Improper Input Validation in Nasm

CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 66.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Debian Nasm Nasm Netwide Assembler

Timeline

PublishedNov 30

Latest updateMay 14

Description

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDnasm/netwide_assembler12.14

▶debiandebian/nasm< nasm 2.15.02-1 (bookworm)

▶Debiannasm/nasm< 2.15.02-1+3

🔴Vulnerability Details

GHSA

GHSA-cvx6-2fc8-p5cg: There is an illegal address access at asm/preproc↗2022-05-14

▶

OSV

CVE-2018-19755: There is an illegal address access at asm/preproc↗2018-11-30

▶

📋Vendor Advisories

Red Hat

nasm: out-of-bounds array access in is_mmacro in asm/preproc.c↗2018-11-12

▶

Debian

CVE-2018-19755: nasm - There is an illegal address access at asm/preproc.c (function: is_mmacro) in Net...↗2018

▶

💬Community

Bugzilla

CVE-2018-19755 nasm: out-of-bounds array access in is_mmacro in asm/preproc.c↗2018-12-04

▶

Bugzilla

CVE-2018-19755 nasm: out-of-bounds array access in is_mmacro in asm/preproc.c [fedora-all]↗2018-12-04

▶