CVE-2019-6291: Uncontrolled Recursion

January 15, 2019 (updated August 24, 2020)

An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of ‘!’ or ‘+’ or ‘-’ characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

References

bugzilla.nasm.us/show_bug.cgi?id=3392549
nvd.nist.gov/vuln/detail/CVE-2019-6291

Code Behaviors & Features

Detect and mitigate CVE-2019-6291 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →