CVE-2019-6290 — Uncontrolled Recursion in Netwide Assembler
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 61.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 15
Latest updateMay 24
Description
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
4📋Vendor Advisories
6Microsoft▶
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (an↗2020-01-14
Microsoft▶
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bex↗2019-01-08
Red Hat▶
nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service↗2019-01-02
Debian▶
CVE-2019-6290: nasm - An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM)...↗2019