CVE-2019-20334: Uncontrolled Recursion

January 4, 2020 (updated August 24, 2020)

In Netwide Assembler (NASM), stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

References

bugzilla.nasm.us/show_bug.cgi?id=3392548
bugzilla.nasm.us/show_bug.cgi?id=3392638
nvd.nist.gov/vuln/detail/CVE-2019-20334

Code Behaviors & Features

Detect and mitigate CVE-2019-20334 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →