CVE-2008-2719 : Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM)

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

Published 2008-06-16 23:41:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2008-2719

Nasm » Netwide Assembler » Version: 2.02
cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-2719

EPSS FAQ

2.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-2719

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-2719

CWE-189

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-2719

Red Hat 2008-07-04

Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References for CVE-2008-2719

http://www.ubuntu.com/usn/usn-648-1

USN-648-1: nasm vulnerability | Ubuntu security notices | Ubuntu
http://www.openwall.com/lists/oss-security/2008/06/11/4

oss-security - CVE id request: nasm off-by-one
https://exchange.xforce.ibmcloud.com/vulnerabilities/42995

NASM ppscan() buffer overflow CVE-2008-2719 Vulnerability Report
http://www.securitytracker.com/id?1020259

Access Denied
http://www.openwall.com/lists/oss-security/2008/06/11/5

oss-security - Re: CVE id request: nasm off-by-one
https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208

The Netwide Assembler / Bugs / #349 nasm 2.02 triggers stack guard in glibc 2.7
http://www.securityfocus.com/bid/29656
http://secunia.com/advisories/30594

About Secunia Research | Flexera
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:120

Mandriva
http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f

Exploit
http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f

Public Git Hosting
http://secunia.com/advisories/32059

About Secunia Research | Flexera
https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115

The Netwide Assembler download | SourceForge.net
http://www.vupen.com/english/advisories/2008/1811

Site en construction