CVE-2020-21686 : A stack-use-after-scope issue discovered in expand_mmac

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

Published 2023-08-22 19:16:14

Updated 2024-10-07 19:36:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-21686

Nasm » Netwide Assembler
Versions before (<) 2.15.04
cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-21686

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-21686

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-21686

CWE-562 Return of Stack Variable Address

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2020-21686

https://bugzilla.nasm.us/show_bug.cgi?id=3392643

3392643 – stack-use-after-scope in expand_mmac_params at asm/preproc.c:4931
Exploit;Issue Tracking;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-21686

Products affected by CVE-2020-21686

Exploit prediction scoring system (EPSS) score for CVE-2020-21686

CVSS scores for CVE-2020-21686

CWE ids for CVE-2020-21686

References for CVE-2020-21686