Your submission was sent successfully! Close


Published: 15 January 2019

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.



CVSS 3 base score: 5.5


Package Release Status
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Deferred
Ubuntu 21.04 (Hirsute Hippo) Deferred
Ubuntu 20.04 LTS (Focal Fossa) Deferred
Ubuntu 18.04 LTS (Bionic Beaver) Deferred
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was deferred [2019-04-25])
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was deferred [2019-04-25])