First published: Tue Jan 15 2019(Updated: )
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nasm Netwide Assembler | <=2.14.02 | |
<=2.14.02 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-6291.
The affected software is Netwide Assembler (NASM) version 2.14.02.
This vulnerability has a severity rating of 5.5 (medium).
The CWE for this vulnerability is CWE-674.
Remote attackers can leverage this vulnerability to cause a stack exhaustion problem.