FKIE_CVE-2018-16517
Vulnerability from fkie_nvd - Published: 2018-09-06 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * | |
| nasm | netwide_assembler | 2.14 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F34FCFC-CEA1-43D8-BBA3-2AD1F9B2D617",
"versionEndIncluding": "2.13.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:*",
"matchCriteriaId": "F0342DFD-0DB1-4C31-A862-C476506F20E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FEEBD480-549D-444B-989C-E7443E111ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "94607208-5382-45CB-9E0E-24FB04D200F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:*",
"matchCriteriaId": "F7E3C5C7-09E4-42A1-975F-89919BFD8547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:*",
"matchCriteriaId": "23D65F3D-1F5A-47A8-828C-1473560AF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:*",
"matchCriteriaId": "5AA3BBE2-0648-49FF-8321-E90E506ECA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:*",
"matchCriteriaId": "83439808-E136-4A16-897E-34B8CFC9CCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1597D549-DDBD-4333-A631-97BFBFDFA0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "080A0929-752A-4051-85B8-C9E3AFDEFC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30835C7-A156-44D1-9AD2-D41ABCDDFA27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "7E540236-A8D6-443C-A268-61928ACC8BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9F8906E7-EF2A-46D1-A494-5393538069CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "CAE1ABD3-9948-4D4B-8776-992721A39207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "9846285D-5907-4B59-8425-51D40ED7D0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc9:*:*:*:*:*:*",
"matchCriteriaId": "DD088CCE-FD7D-4C31-A141-E7C6ACB7901C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file."
},
{
"lang": "es",
"value": "asm/labels.c en Netwide Assembler (NASM) es propenso a una desreferencia de puntero NULL, lo que permite que el atacante provoque una denegaci\u00f3n de servicio (DoS) mediante un archivo manipulado."
}
],
"id": "CVE-2018-16517",
"lastModified": "2024-11-21T03:52:53.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T23:29:01.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392513"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-16517.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46726/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-16517.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46726/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…