Vulnerability Details : CVE-2018-19755
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2018-19755
- cpe:2.3:a:nasm:netwide_assembler:12.14:rc16:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19755
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-19755
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-19755
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19755
-
https://bugzilla.nasm.us/show_bug.cgi?id=3392528
3392528 – There is an illegal address access at asm/preproc.c:4677(function:is_mmacro) in nasm2.14rc16 that will cause dos attack.Exploit;Issue Tracking;Third Party Advisory
-
https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
Public Git Hosting - nasm.git/commitExploit;Third Party Advisory
Jump to