CVE-2020-21686 — Return of Stack Variable Address in Netwide Assembler

CWE-562 — Return of Stack Variable Address CWE-416 — Use After Free5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 54.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Nasm Netwide Assembler Debian Nasm

Timeline

PublishedAug 22

Description

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/nasm< nasm 2.15.04-1 (bookworm)

▶NVDnasm/netwide_assembler< 2.15.04

▶Debiannasm/nasm< 2.15.04-1+3

🔴Vulnerability Details

OSV

CVE-2020-21686: A stack-use-after-scope issue discovered in expand_mmac_params function in preproc↗2023-08-22

▶

GHSA

GHSA-f5w2-2h32-hmg6: A stack-use-after-scope issue discovered in expand_mmac_params function in preproc↗2023-08-22

▶

📋Vendor Advisories

Red Hat

nasm: stack-use-after-scope in expand_mmac_params() in preproc.c↗2020-01-06

▶

Debian

CVE-2020-21686: nasm - A stack-use-after-scope issue discovered in expand_mmac_params function in prepr...↗2020

▶