CVE-2018-10254: Out-of-bounds Read

April 21, 2018 (updated July 13, 2020)

Netwide Assembler (NASM) has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
nvd.nist.gov/vuln/detail/CVE-2018-10254
sourceforge.net/p/nasm/bugs/561/

Code Behaviors & Features

Detect and mitigate CVE-2018-10254 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →