CVE-2019-14248 — NULL Pointer Dereference in Nasm

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 66.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Debian Nasm Nasm Netwide Assembler

Timeline

PublishedJul 24

Latest updateMay 24

Description

In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDnasm/netwide_assembler2.14 — 2.14.02

▶debiandebian/nasm< nasm 2.15.02-1 (bookworm)

▶Debiannasm/nasm< 2.15.02-1+3

🔴Vulnerability Details

GHSA

GHSA-r3fr-8q6v-c82h: In libnasm↗2022-05-24

▶

OSV

CVE-2019-14248: In libnasm↗2019-07-24

▶

📋Vendor Advisories

Red Hat

nasm: NULL pointer dereference in asm/pragma.c leading to Segmentation fault↗2019-07-24

▶

Debian

CVE-2019-14248: nasm - In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL poi...↗2019

▶

💬Community

Bugzilla

CVE-2019-14248 nasm: NULL pointer dereference in asm/pragma.c leading to Segmentation fault↗2019-07-24

▶

Bugzilla

CVE-2019-14248 nasm: NULL pointer dereference in asm/pragma.c leading to Segmentation fault [fedora-all]↗2019-07-24

▶