CVE-2017-10686

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use-after-free vulnerabilities in the nasm tool. The affected heap memory is allocated in the token() function and freed in the detoken() function (called by pp_getline()); it is then used again at multiple later points, with several damaging consequences. For example, it causes a corrupted doubly linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility of leading to a remote code execution attack.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score, Percentile: 68%

| Vendor | Product | Version |
|---|---|---|
| nasm | netwide_assembler | 2.14:rc0 |
| canonical | ubuntu_linux | 14.04 |

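Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| nasm | bullseye | 2.15.05-1 | fixed |
| nasm | stretch | | no-dsa |
| nasm | jessie | | no-dsa |
| nasm | bookworm | 2.16.01-1 | fixed |
| nasm | sid | 2.16.03-1 | fixed |
| nasm | trixie | 2.16.03-1 | fixed |
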
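Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| nasm | bionic | | not-affected |
| nasm | artful | Fixed 2.13.01-2ubuntu0.1 | released |
| nasm | zesty | | ignored |
| nasm | yakkety | | ignored |
| nasm | xenial | Fixed 2.11.08-1ubuntu0.1 | released |
| nasm | trusty | Fixed 2.10.09-1ubuntu0.1 | released |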