Jump to:

CVE-2018-1000667

Jump to:

CVE-2018-1000667

Package nasm updated to version 2.14.01-alt1 for branch sisyphus in task 218467.

Published: 2018-09-06
Modified: 2024-11-21

CVE-2018-1000667

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

openSUSE-SU-2020:0954
openSUSE-SU-2020:0954
openSUSE-SU-2020:0952
openSUSE-SU-2020:0952
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://github.com/cyrillos/nasm/issues/3
https://github.com/cyrillos/nasm/issues/3

Version: 2.1.0

Package nasm update in sisyphus on 2018-12-24

ALT-PU-2018-2953-1

Closed vulnerabilities

CVE-2018-1000667