Vulnerability Details CVE-2017-17819
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af
- https://bugzilla.nasm.us/show_bug.cgi?id=3392435
- https://usn.ubuntu.com/3694-1/
- http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af
- https://bugzilla.nasm.us/show_bug.cgi?id=3392435
- https://usn.ubuntu.com/3694-1/
Products affected by CVE-2017-17819
-
cpe:2.3:a:nasm:netwide_assembler:2.14
-
cpe:2.3:o:canonical:ubuntu_linux:14.04