CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-2719 – NASM 2.0 - 'ppscan()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2719
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función ppscan (prepoc.c) de Netwide Assembler (NASM) 2.02; permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y puede que ejecutar código de su elección mediante un fichero manipulado que produce un desbordamiento del búfer basado en pila. • https://www.exploit-db.com/exploits/31903 http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f http://secunia.com/advisories/30594 http://secunia.com/advisories/32059 http://www.mandriva.com/security/advisories?name=MDVSA-2008:120 http://www.openwall.com/lists/oss-security/2008/06/11/4 http://www.openwall.com/lists/oss-security/2008/06/11/5 http://www.securityfocus.com/bid/29656 http://www.securitytracker.com/id?1020259 http://www.ubuntu.com • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2004-1287 – NASM 0.98.x - Error Preprocessor Directive Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1287
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194. Desbordamiento de búfer en la función de error en prepor.c de NASM 0.98.38 1.2 permite a atacantes remotos ejecutar código de su elección mediante un fichero asm construido artesanalmente. • https://www.exploit-db.com/exploits/25005 http://tigger.uic.edu/~jlongs2/holes/nasm.txt http://www.redhat.com/support/errata/RHSA-2005-381.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299 https://access.redhat.com/security/cve/CVE-2004-1287 https://bugzilla.redhat.com/show_bug.cgi?id=1617404 • CWE-787: Out-of-bounds Write •