5.5

CVE-2017-17812

Exploit
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NasmNetwide Assembler Version2.14 Updaterc0
CanonicalUbuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.45% 0.699
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/3694-1/
Third Party Advisory
http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
Patch
Vendor Advisory
https://bugzilla.nasm.us/show_bug.cgi?id=3392424
Vendor Advisory
Exploit
Issue Tracking