Published: 15/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in the function expr6 in eval.c in Netwide Assembler (NASM) up to and including 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nasm netwide assembler

An issue was discovered in the function expr6 in evalc in Netwide Assembler (NASM) through 21402 There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters Remote attackers could leverage this vulnerability to cause a denial-of-service vi ...

CWE-674 https://bugzilla.nasm.us/show_bug.cgi?id=3392549 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-6291

CVE-2019-6291

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect