Описание
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
An infinite loop flaw was found in nasm's preproc.c via paste_tokens() function. An attacker with local network access could pass a specially crafted unknown input causing an application to halt or crash leading to a denial of service.
Отчет
This issue does not affect the versions of NASM shipped with Red Hat Enterprise Linux 6 and 7, as they do not include the vulnerable code in their source code. The version of NASM shipped with Red Hat Enterprise Linux 8 is marked as won't fix because it is low priority flaw and real (non-malicious) assembler source code will never run into this problem.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | nasm | Not affected | ||
| Red Hat Enterprise Linux 7 | nasm | Not affected | ||
| Red Hat Enterprise Linux 8 | nasm | Fix deferred | ||
| Red Hat Enterprise Linux 9 | nasm | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
3.3 Low
CVSS3