CVE-2018-19216

Published: 12 November 2018

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: nasm (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 21.10 (Impish Indri): Needed
Ubuntu 21.04 (Hirsute Hippo): Needed
Ubuntu 20.04 LTS (Focal Fossa): Needed
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (2.13.02-0.1)
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)

Patches:
Upstream: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f

Notes

Author: debian
Note: Something is not correct about this CVE, the upstream bug is 3392425,
but commit references 3392525, and the former is really fixed in 2.13.02 but
the latter is unfixed in 2.13.02 and even 2.13.03.

References

Bugs