CVE-2018-1000667: Improper Restriction of Operations within the Bounds of a Memory Buffer

September 6, 2018 (updated July 13, 2020)

NASM nasm-2.13.03 nasm- rc15 rc15 contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
bugzilla.nasm.us/show_bug.cgi?id=3392507
github.com/cyrillos/nasm/issues/3
nvd.nist.gov/vuln/detail/CVE-2018-1000667

Code Behaviors & Features

Detect and mitigate CVE-2018-1000667 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →