CVE-2018-1000886

NameCVE-2018-1000886
Descriptionnasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nasm (PTS)jessie2.11.05-1vulnerable
stretch2.12.01-1vulnerable
buster2.14-1vulnerable
bullseye2.15.05-1vulnerable
bookworm2.16.01-1vulnerable
sid, trixie2.16.03-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nasmsource(unstable)(unfixed)unimportant

Notes

https://bugzilla.nasm.us/show_bug.cgi?id=3392514
Crash in CLI, no security impact

Search for package or bug name: Reporting problems