CVE-2018-8881: Out-of-bounds Read in Nasm

Severity
7.3 HIGH (NVD)
EPSS
0.2%
top 55.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 20
Latest update: May 13

Description

Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/nasm < nasm 2.13.02-0.1 (bookworm)
Debian: nasm/nasm < 2.13.02-0.1+3

Also affects: Ubuntu Linux 14.04

🔴 Vulnerability Details (2)

GHSA
GHSA-x2vw-jwp7-h598: Netwide Assembler (NASM) 2 (2022-05-13)
OSV
CVE-2018-8881: Netwide Assembler (NASM) 2 (2018-03-20)

📋 Vendor Advisories (3)

Ubuntu
NASM vulnerabilities (2018-06-28)
Debian
CVE-2018-8881: nasm - Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the fun... (2018)
Red Hat
nasm: Heap overflow in function tokenize in asm/preproc.c (2017-10-18)

💬 Community (1)

Bugzilla
CVE-2018-8881 nasm: Heap overflow in function tokenize in asm/preproc.c (2018-03-23)