CVE-2017-10686
Publication date 29 June 2017
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use-after-free vulnerabilities in the nasm tool. The affected heap memory is allocated in the token() function and freed in the detoken() function (called by pp_getline()); it is then used again at multiple later points, which can cause several kinds of damage. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility of leading to a remote code execution attack.
Status
Package | Ubuntu Release | Status |
---|---|---|
nasm | 18.04 LTS bionic | Not affected |
nasm | 16.04 LTS xenial | Fixed 2.11.08-1ubuntu0.1 |
nasm | 14.04 LTS trusty | Fixed 2.10.09-1ubuntu0.1 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3694-1: NASM vulnerabilities (28 June 2018)