Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2004-1287

Published: 10/01/2005 Updated: 22/12/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Nasm

Vulnerability Summary

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows malicious users to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

Vulnerable Product Search on Vulmon Subscribe to Product

nasm netwide assembler 0.98.38

Vendor Advisories

Red Hat: nasm security update
Synopsis nasm security update Type/Severity Security Advisory: Low Topic An updated nasm package that fixes multiple security issues is now availableThis update has been rated as having low security impact by the Red HatSecurity Response Team Description NASM is an 80x86 assemblerTwo sta ...
Ubuntu Security Notice: nasm vulnerability
Jonathan Rockway discovered a locally exploitable buffer overflow in the error() function of nasm If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm ...
Debian Security Advisories: DSA-623-1 nasm -- buffer overflow
Jonathan Rockway discovered a buffer overflow in nasm, the general-purpose x86 assembler, which could lead to the execution of arbitrary code when compiling a maliciously crafted assembler source file For the stable distribution (woody) this problem has been fixed in version 09828cvs-1woody2 For the unstable distribution (sid) this problem has ...

Exploits

Exploit DB: NASM 0.98.x - Error Preprocessor Directive Buffer Overflow
source: wwwsecurityfocuscom/bid/11991/info NASM is prone to a buffer overflow This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments Since the source file may originate from an external or untrusted source, this vulnerability is considered remot ...

References

CWE-787http://tigger.uic.edu/~jlongs2/holes/nasm.txthttp://www.redhat.com/support/errata/RHSA-2005-381.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/18540https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299https://access.redhat.com/errata/RHSA-2005:381https://usn.ubuntu.com/45-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/25005/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook