CVE-2018-8883 — Out-of-bounds Read in Nasm

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 20

Latest updateMay 13

Description

Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶debiandebian/nasm< nasm 2.14-1 (bookworm)

▶Debiannasm/nasm< 2.14-1+3

GHSA

GHSA-53g3-2vvv-qww7: Netwide Assembler (NASM) 2↗2022-05-13

▶

OSV

CVE-2018-8883: Netwide Assembler (NASM) 2↗2018-03-20

▶

Debian

CVE-2018-8883: nasm - Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line fun...↗2018

▶

Red Hat

nasm: Buffer over-read in parse_line function in asm/parser.c↗2017-10-22

▶

Bugzilla

CVE-2018-8883 nasm: Buffer over-read in parse_line function in asm/parser.c↗2018-03-23

▶

Bugzilla

CVE-2018-8882 CVE-2018-8883 nasm: various flaws [fedora-all]↗2018-03-23

▶