English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2020.0303
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2020-0303)
Summary:The remote host is missing an update for the 'nasm' package(s) announced via the MGASA-2020-0303 advisory.
Description:Summary:
The remote host is missing an update for the 'nasm' package(s) announced via the MGASA-2020-0303 advisory.

Vulnerability Insight:
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm
function of the disasm/disasm.c file. Remote attackers could leverage this
vulnerability to cause a denial of service or possibly have unspecified other
impact via a crafted ELF file (CVE-2018-10254).

Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the
assemble_file function of asm/nasm.c because of a globallineno integer
overflow (CVE-2018-10316).

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c
(CVE-2018-16382).

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a
memory corruption (crashed) of nasm when handling a crafted file due to
function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in
function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result
in aborting/crash nasm program. This attack appear to be exploitable via a
specially crafted asm file (CVE-2018-1000667).

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference,
which allows the attacker to cause a denial of service via a crafted file
(CVE-2018-16517).

Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation
fault) in expand_smacro in preproc.c, which allows attackers to cause a denial
of service via a crafted input file (CVE-2018-16999).

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in
expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !
characters (CVE-2018-19215).

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in
expand_mmac_params in asm/preproc.c for insufficient input (CVE-2018-19214).

Affected Software/OS:
'nasm' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1000667
https://bugzilla.nasm.us/show_bug.cgi?id=3392507
https://github.com/cyrillos/nasm/issues/3
SuSE Security Announcement: openSUSE-SU-2020:0952 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
SuSE Security Announcement: openSUSE-SU-2020:0954 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-10016
https://bugzilla.nasm.us/show_bug.cgi?id=3392473
Common Vulnerability Exposure (CVE) ID: CVE-2018-10254
https://sourceforge.net/p/nasm/bugs/561/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10316
https://bugzilla.nasm.us/show_bug.cgi?id=3392474
Common Vulnerability Exposure (CVE) ID: CVE-2018-16382
https://bugzilla.nasm.us/show_bug.cgi?id=3392503
Common Vulnerability Exposure (CVE) ID: CVE-2018-16517
https://www.exploit-db.com/exploits/46726/
http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
https://bugzilla.nasm.us/show_bug.cgi?id=3392513
https://fakhrizulkifli.github.io/CVE-2018-16517.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-16999
https://bugzilla.nasm.us/show_bug.cgi?id=3392508
Common Vulnerability Exposure (CVE) ID: CVE-2018-19214
https://bugzilla.nasm.us/show_bug.cgi?id=3392521
https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
Common Vulnerability Exposure (CVE) ID: CVE-2018-19215
https://bugzilla.nasm.us/show_bug.cgi?id=3392525
https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.