CVE-2020-18974 — Classic Buffer Overflow in Netwide Assembler

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

3.3LOWNVD

OSV5.5

EPSS

0.3%

top 47.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Netwide Assembler Debian Nasm

Timeline

PublishedAug 25

Latest updateMay 24

Description

Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnasm/netwide_assembler2.15 — 2.15.05

▶debiandebian/nasm

🔴Vulnerability Details

GHSA

GHSA-4wgw-2p35-h26h: Buffer Overflow in Netwide Assembler (NASM) v2↗2022-05-24

▶

OSV

CVE-2020-18974: Buffer Overflow in Netwide Assembler (NASM) v2↗2021-08-25

▶

📋Vendor Advisories

Debian

CVE-2020-18974: nasm - Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a...↗2020

▶

Red Hat

nasm: buffer overflow in crc64i() nasmlib/crc64.c↗2019-04-23

▶