
Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0303
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2020-0303)
Summary: The remote host is missing an update for the 'nasm' package(s) announced via the MGASA-2020-0303 advisory.
Description:
Summary:
The remote host is missing an update for the 'nasm' package(s) announced via the MGASA-2020-0303 advisory.

Vulnerability Insight:
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm
function of the disasm/disasm.c file. Remote attackers could leverage this
vulnerability to cause a denial of service or possibly have unspecified other
impact via a crafted ELF file (CVE-2018-10254).

Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the
assemble_file function of asm/nasm.c because of a globallineno integer
overflow (CVE-2018-10316).

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c
(CVE-2018-16382).

NASM nasm-2.13.03, nasm-2.14rc15 (version 2.14rc15 and earlier) contains a
memory corruption vulnerability (crash of nasm when handling a crafted file)
in function assemble_file(inname, depend_ptr) at asm/nasm.c:482 that can
result in the nasm program aborting or crashing. This attack appears to be
exploitable via a specially crafted asm file (CVE-2018-1000667).

asm/labels.c in Netwide Assembler (NASM) is prone to a NULL pointer dereference,
which allows an attacker to cause a denial of service via a crafted file
(CVE-2018-16517).

Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation
fault) in expand_smacro in preproc.c, which allows attackers to cause a denial
of service via a crafted input file (CVE-2018-16999).

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in
expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !
characters (CVE-2018-19215).

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in
expand_mmac_params in asm/preproc.c for insufficient input (CVE-2018-19214).

Affected Software/OS:
'nasm' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000667
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://github.com/cyrillos/nasm/issues/3
SuSE Security Announcement: openSUSE-SU-2020:0952
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
SuSE Security Announcement: openSUSE-SU-2020:0954
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-10016
https://bugzilla.nasm.us/show_bug.cgi?id=3392473
Common Vulnerability Exposure (CVE) ID: CVE-2018-10254
https://sourceforge.net/p/nasm/bugs/561/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10316
https://bugzilla.nasm.us/show_bug.cgi?id=3392474
Common Vulnerability Exposure (CVE) ID: CVE-2018-16382
https://bugzilla.nasm.us/show_bug.cgi?id=3392503
Common Vulnerability Exposure (CVE) ID: CVE-2018-16517
https://www.exploit-db.com/exploits/46726/
http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
https://bugzilla.nasm.us/show_bug.cgi?id=3392513
https://fakhrizulkifli.github.io/CVE-2018-16517.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-16999
https://bugzilla.nasm.us/show_bug.cgi?id=3392508
Common Vulnerability Exposure (CVE) ID: CVE-2018-19214
https://bugzilla.nasm.us/show_bug.cgi?id=3392521
https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
Common Vulnerability Exposure (CVE) ID: CVE-2018-19215
https://bugzilla.nasm.us/show_bug.cgi?id=3392525
https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.