CVE-2017-10686

EUVD-2017-2333
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use-after-free vulnerabilities in the tool nasm. The affected heap memory is allocated in the token() function and freed in the detoken() function (called by pp_getline()); it is then used again at multiple later positions, which can cause several kinds of damage. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility of leading to a remote code execution attack.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 63%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nasm | netwide_assembler | 2.14:rc0 |
| canonical | ubuntu_linux | 14.04 |
Debian Releases
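| Debian Product | Codename | Version | Status |
|---|---|---|---|
| nasm | bookworm | 2.16.01-1 | fixed |
| nasm | bullseye | 2.15.05-1 | fixed |
| nasm | jessie | | no-dsa |
| nasm | sid | 2.16.03-1 | fixed |
| nasm | stretch | | no-dsa |
| nasm | trixie | 2.16.03-1 | fixed |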
Ubuntu Releases
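| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| nasm | artful | Fixed 2.13.01-2ubuntu0.1 | released |
| nasm | bionic | | not-affected |
| nasm | trusty | Fixed 2.10.09-1ubuntu0.1 | released |
| nasm | xenial | Fixed 2.11.08-1ubuntu0.1 | released |
| nasm | yakkety | | ignored |
| nasm | zesty | | ignored |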