CVE-2019-6291
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Se ha descubierto un problema en la función expr6 en eval.c en Netwide Assembler (NASM) hasta la versión 2.14.02. Hay un problema de agotamiento de pila causado por la función expr6, haciendo llamadas recursivas a sí misma en ciertos casos que implican el uso frecuente de caracteres "!", "+" y "-". Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo asm manipulado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-14 CVE Reserved
- 2019-01-15 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-674: Uncontrolled Recursion
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392549 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nasm Search vendor "Nasm" | Netwide Assembler Search vendor "Nasm" for product "Netwide Assembler" | <= 2.14.02 Search vendor "Nasm" for product "Netwide Assembler" and version " <= 2.14.02" | - |
Affected
| ||||||