5.5

CVE-2017-17819

Exploit
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NasmNetwide Assembler Version2.14 Updaterc0
CanonicalUbuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/3694-1/
Third Party Advisory
http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af
Patch
Vendor Advisory
https://bugzilla.nasm.us/show_bug.cgi?id=3392435
Vendor Advisory
Exploit
Issue Tracking
Tool Signature