CVE-2018-16517
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
06/09/2018
Last modified:
10/11/2020
Description
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:* | 2.13.03 (including) | |
| cpe:2.3:a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:* | ||
| cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
- http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
- https://bugzilla.nasm.us/show_bug.cgi?id=3392513
- https://fakhrizulkifli.github.io/CVE-2018-16517.html
- https://www.exploit-db.com/exploits/46726/