Published: 15 January 2019

An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.



CVSS 3 base score: 5.5


Package Release Status
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Deferred
Ubuntu 21.04 (Hirsute Hippo) Deferred
Ubuntu 20.04 LTS (Focal Fossa) Deferred
Ubuntu 18.04 LTS (Bionic Beaver) Deferred
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was deferred [2019-04-25])
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was deferred [2019-04-25])