CVE-2019-6290
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Se ha descubierto un problema de recursión en eval.c en Netwide Assembler (NASM) hasta la versión 2.14.02. Hay un problema de agotamiento de pila que resulta de la recursión infinita en las funciones expr, rexp, bexpr y cexpr en determinados escenarios que implican el uso frecuente de caracteres "{". Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo asm manipulado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-14 CVE Reserved
- 2019-01-15 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-674: Uncontrolled Recursion
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392548 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nasm Search vendor "Nasm" | Netwide Assembler Search vendor "Nasm" for product "Netwide Assembler" | <= 2.14.02 Search vendor "Nasm" for product "Netwide Assembler" and version " <= 2.14.02" | - |
Affected
| ||||||