CVE-2019-6290
First published: Tue Jan 15 2019(Updated: )
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nasm Netwide Assembler | <=2.14.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-6290.
What is the severity rating of CVE-2019-6290?
CVE-2019-6290 has a severity rating of medium.
Which software versions are affected by CVE-2019-6290?
Versions up to and including 2.14.02 of the Netwide Assembler (NASM) are affected by CVE-2019-6290.
What is the cause of the vulnerability in CVE-2019-6290?
The vulnerability in CVE-2019-6290 is caused by an infinite recursion issue in eval.c in Netwide Assembler (NASM).
Is there a fix available for CVE-2019-6290?
Yes, a fix for CVE-2019-6290 is available. Please refer to the provided reference link for more information.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nasm
- canonical/nasm netwide assembler
- version/nasm netwide assembler/2.14.02