All errata/p8/ALT-PU-2019-2936-1
ALT-PU-2019-2936-1

Package update nasm in branch p8

Version2.14.02-alt1
Task#236175
Published2019-10-15
Max severityHIGH
Severity:

Closed issues (3)

CVE-2018-1000667
MEDIUM5.5

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..

Published: 2018-09-06Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2018-16517
MEDIUM5.5

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

Published: 2018-09-06Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2018-19216
HIGH7.8

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Published: 2018-11-12Modified: 2024-11-21
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References