CVE-2008-2719 - Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-

CVE-2008-2719

Summary

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*
cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 30-10-2018 - 16:28)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	29656
confirm	http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115 https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
mandriva	MDVSA-2008:120
mlist	[oss-security] 20080611 CVE id request: nasm off-by-one [oss-security] 20080611 Re: CVE id request: nasm off-by-one
sectrack	1020259
secunia	30594 32059
ubuntu	USN-648-1
vupen	ADV-2008-1811
xf	nasm-ppscan-bo(42995)

statements via4

contributor	Mark J Cox
lastmodified	2008-07-04
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

30-10-2018 - 16:28

Published

16-06-2008 - 23:41

Last modified

30-10-2018 - 16:28