Your submission was sent successfully! Close

CVE-2018-19216

Published: 12 November 2018

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Notes

AuthorNote
debian
Something is not correct about this CVE, the upstream bug is 3392425,
but commit references 3392525, and the former is really fixed in 2.13.02 but
the latter is unfixed in 2.13.02 and even 2.13.03.
Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
nasm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(2.13.02-0.1)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f