CVE-2018-8882Improper Restriction of Operations within the Bounds of a Memory Buffer in Nasm

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 65.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
NasmDebian NasmNasm Netwide Assembler
Timeline
PublishedMar 20
Latest updateMay 13

Description

Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/nasm< nasm 2.14-1 (bookworm)
Debiannasm/nasm< 2.14-1+3

🔴Vulnerability Details

2
GHSA
GHSA-3pgv-pw29-xppm: Netwide Assembler (NASM) 22022-05-13
OSV
CVE-2018-8882: Netwide Assembler (NASM) 22018-03-20

📋Vendor Advisories

2
Debian
CVE-2018-8882: nasm - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the f...2018
Red Hat
nasm: Stack buffer underflow in function ieee_shr at source file asm/float.c2017-10-18

💬Community

2
Bugzilla
CVE-2018-8882 CVE-2018-8883 nasm: various flaws [fedora-all]2018-03-23
Bugzilla
CVE-2018-8882 nasm: Stack buffer underflow in function ieee_shr at source file asm/float.c2018-03-23