CVE-2008-2719

Published: 16/06/2008 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

Vulnerable Product

nasm netwide assembler 2.02

Vendor Advisories

Debian Bug report logs - #486715: nasm: CVE-2008-2719 off-by one in ppscan
Package: nasm; Maintainer for nasm is Anibal Monsalve Salazar <anibal@debian.org>; Source for nasm is src:nasm
Reported by: Nico Golde <nion@debian.org>
Date: Tue, 17 Jun 2008 20:21:01 UTC
Severity: grave
Tags: patch, sec ...

Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges ...

Exploits

source: www.securityfocus.com/bid/29656/info

NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit a ...