Severity: 5.5 MEDIUM (NVD)
NVD 3.3
EPSS: 0.1% (top 66.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 29; Latest update May 24

Description

A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: nasm/netwide_assembler 2.15 2.15.05 +1
Debian: debian/nasm

🔴 Vulnerability Details (4)

GHSA: GHSA-4wgw-2p35-h26h: Buffer Overflow in Netwide Assembler (NASM) v2 (2022-05-24)
GHSA: GHSA-7gm6-pf4p-5rpc: A buffer over-read exists in the function crc64ib in crc64 (2022-05-13)
OSV: CVE-2020-18974: Buffer Overflow in Netwide Assembler (NASM) v2 (2021-08-25)
OSV: CVE-2019-7147: A buffer over-read exists in the function crc64ib in crc64 (2019-01-29)

📋 Vendor Advisories (4)

Debian: CVE-2020-18974: nasm - Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a... (2020)
Red Hat: nasm: buffer overflow in crc64i() nasmlib/crc64.c (2019-04-23)
Red Hat: nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service (2019-01-01)
Debian: CVE-2019-7147: nasm - A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwi... (2019)

💬 Community (2)

Bugzilla: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service [fedora-all] (2019-01-30)
Bugzilla: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service (2019-01-30)