ID CVE-2008-2719
Summary Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-10-2018 - 16:28)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 29656
confirm
mandriva MDVSA-2008:120
mlist
  • [oss-security] 20080611 CVE id request: nasm off-by-one
  • [oss-security] 20080611 Re: CVE id request: nasm off-by-one
sectrack 1020259
secunia
  • 30594
  • 32059
ubuntu USN-648-1
vupen ADV-2008-1811
xf nasm-ppscan-bo(42995)
statements via4
contributor Mark J Cox
lastmodified 2008-07-04
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 30-10-2018 - 16:28
Published 16-06-2008 - 23:41
Back to Top