CVE-2018-1000667

EUVD-2018-1996
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
nasmnetwide_assembler
𝑥
≤ 2.14.0
nasmnetwide_assembler
2.14.0:rc1
nasmnetwide_assembler
2.14.0:rc10
nasmnetwide_assembler
2.14.0:rc11
nasmnetwide_assembler
2.14.0:rc12
nasmnetwide_assembler
2.14.0:rc13
nasmnetwide_assembler
2.14.0:rc14
nasmnetwide_assembler
2.14.0:rc15
nasmnetwide_assembler
2.14.0:rc2
nasmnetwide_assembler
2.14.0:rc3
nasmnetwide_assembler
2.14.0:rc4
nasmnetwide_assembler
2.14.0:rc5
nasmnetwide_assembler
2.14.0:rc6
nasmnetwide_assembler
2.14.0:rc7
nasmnetwide_assembler
2.14.0:rc8
nasmnetwide_assembler
2.14.0:rc9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nasm
bookworm
2.16.01-1
fixed
bullseye
2.15.05-1
fixed
sid
2.16.03-1
fixed
trixie
2.16.03-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nasm
bionic
needed
cosmic
ignored
disco
not-affected
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
needed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://github.com/cyrillos/nasm/issues/3
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://github.com/cyrillos/nasm/issues/3