CVE-2022-29654: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

August 22, 2023 (updated August 25, 2023)

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

References

gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f
nvd.nist.gov/vuln/detail/CVE-2022-29654
www.nasm.us/pub/nasm/releasebuilds/2.15.05/

Code Behaviors & Features

Detect and mitigate CVE-2022-29654 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →