CVE-2018-19216
Published: 12 November 2018
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
Priority
Low
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
nasm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needed
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2.13.02-0.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needed)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
|
Patches: Upstream: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f |
||
Notes
| Author | Note |
|---|---|
| debian | Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03. |