CVE-2022-44370 — Out-of-bounds Write in Netwide Assembler

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 29

Latest updateFeb 15

Description

NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶debiandebian/nasm< nasm 2.16.01-1 (bookworm)

▶Debiannasm/nasm< 2.16.01-1+2

GHSA

GHSA-5hm2-2whx-4749: NASM v2↗2023-03-29

▶

OSV

CVE-2022-44370: NASM v2↗2023-03-29

▶

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Microsoft

NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856↗2023-03-14

▶

Red Hat

nasm: heap buffer overflow in quote_for_pmake() in asm/nasm.c↗2022-10-02

▶

Debian

CVE-2022-44370: nasm - NASM v2.16 was discovered to contain a heap buffer overflow in the component quo...↗2022

▶