Vulnerability Name:

CVE-2018-16517 (CCN-150056)

Assigned:2018-09-05
Published:2018-09-05
Updated:2020-11-10
Summary:asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-476
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-16517

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0954

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:0952

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html

Source: CCN
Type: Bugzilla – Bug 3392513
NULL Pointer Dereference in asm/labels.c

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.nasm.us/show_bug.cgi?id=3392513

Source: XF
Type: UNKNOWN
netwide-cve201816517-dos(150056)

Source: MISC
Type: Exploit, Third Party Advisory
https://fakhrizulkifli.github.io/CVE-2018-16517.html

Source: CCN
Type: Packet Storm Security [04-18-2019]
Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-18-2019]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
46726

Source: CCN
Type: Netwide Assembler Web site
Netwide Assembler (NASM)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nasm:netwide_assembler:*:*:*:*:*:*:*:* (Version <= 2.13.03)
  • OR cpe:/a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:*
  • OR cpe:/a:nasm:netwide_assembler:2.14.0:rc9:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:201816517
    V
    		CVE-2018-16517
    2022-09-02
    oval:org.opensuse.security:def:3045
    P
    		cups-pk-helper-0.2.5-5.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3090
    P
    		groff-1.22.2-5.287 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3055
    P
    		dovecot22-2.2.31-19.17.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3101
    P
    		gzip-1.10-2.12 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94837
    P
    		supportutils-3.1.20-150300.7.35.10.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:68544
    P
    		Security update for p11-kit (Important)
    2021-12-22
    oval:org.opensuse.security:def:101550
    P
    		Security update for aaa_base (Moderate)
    2021-12-03
    oval:org.opensuse.security:def:64618
    P
    		Security update for postgresql13 (Important)
    2021-11-22
    oval:org.opensuse.security:def:70491
    P
    		Security update for python-Pygments (Important)
    2021-10-20
    oval:org.opensuse.security:def:64778
    P
    		Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:73705
    P
    		Security update for curl (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:63192
    P
    		apache2-2.4.33-3.15.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:65300
    P
    		Security update for MozillaFirefox (Important)
    2021-08-19
    oval:org.opensuse.security:def:64740
    P
    		Security update for rpm (Important)
    2021-08-12
    oval:org.opensuse.security:def:2374
    P
    		binutils-gold-2.35.1-7.18.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2330
    P
    		binutils-gold-2.32-7.8.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2388
    P
    		icedtea-web-1.7.1-5.13 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2339
    P
    		libexif12-32bit-0.6.21-5.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2415
    P
    		openconnect-7.08-6.9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2365
    P
    		python2-opencv-3.3.1-6.6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63466
    P
    		djvulibre-3.5.27-9.28 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2400
    P
    		libmwaw-0_3-3-0.3.17-4.9.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2368
    P
    		sane-backends-32bit-1.0.27-4.27 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2377
    P
    		djvulibre-3.5.27-9.28 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2334
    P
    		graphviz-gnome-2.40.1-6.3.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2406
    P
    		libstaroffice-0_0-0-0.0.7-7.3.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2361
    P
    		python2-SQLAlchemy-1.2.14-6.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2394
    P
    		libgd3-32bit-2.2.5-9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2372
    P
    		vpx-tools-1.6.1-6.6.8 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2407
    P
    		libsybdb5-1.1.36-3.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2401
    P
    		libpcap1-32bit-1.9.1-1.33 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2405
    P
    		libsnmp30-32bit-5.7.3-8.24 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2349
    P
    		libsnmp30-32bit-5.7.3-8.24 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63370
    P
    		rmt-server-2.6.8-1.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62995
    P
    		bsh2-2.0.0.b6-10.65 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:71884
    P
    		libcacard0-2.5.3-1.27 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72000
    P
    		login_defs-4.8.1-2.43 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:64739
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:64734
    P
    		Security update for curl (Moderate)
    2021-07-21
    oval:org.opensuse.security:def:64720
    P
    		Security update for apache2 (Important)
    2021-06-22
    oval:org.opensuse.security:def:64890
    P
    		Security update for containerd, docker, runc (Important)
    2021-06-11
    oval:org.opensuse.security:def:48885
    P
    		sane-backends-32bit-1.0.24-3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48866
    P
    		libpolkit0-32bit-0.113-5.6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:2452
    P
    		icedtea-web-1.7.1-1.48 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:2450
    P
    		gnome-shell-calendar-3.26.2+20180130.0d9c74212-2.43 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48904
    P
    		gegl-0_2-0.2.0-14.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48848
    P
    		libFLAC++6-32bit-1.3.0-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:2443
    P
    		dia-0.97.3-2.32 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48886
    P
    		telepathy-gabble-0.18.3-5.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48847
    P
    		lhasa-0.2.0-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:67135
    P
    		Security update for gstreamer-plugins-bad (Important)
    2021-06-08
    oval:org.opensuse.security:def:2437
    P
    		NetworkManager-lang-1.10.6-3.16 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:73826
    P
    		Security update for python-py (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:64511
    P
    		Security update for python-httplib2 (Moderate)
    2021-05-31
    oval:org.opensuse.security:def:64510
    P
    		Security update for postgresql13 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:70383
    P
    		Security update for libnettle (Important)
    2021-04-28
    oval:org.opensuse.security:def:65210
    P
    		Security update for librsvg (Important)
    2021-04-28
    oval:org.opensuse.security:def:51535
    P
    		Security update for spamassassin (Important)
    2021-04-12
    oval:org.opensuse.security:def:67040
    P
    		Security update for php7 (Important)
    2021-02-24
    oval:org.opensuse.security:def:64598
    P
    		Security update for java-11-openjdk (Important)
    2021-02-09
    oval:org.opensuse.security:def:51473
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:49030
    P
    		libpolkit0-32bit-0.113-5.18.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63164
    P
    		libshibsp-lite7-2.6.1-1.48 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62967
    P
    		ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63156
    P
    		libapr-util1-dbd-mysql-1.6.1-2.41 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62963
    P
    		libtidy-devel-5.4.0-3.2.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63173
    P
    		openslp-server-2.0.0-4.13 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:48992
    P
    		gstreamer-0_10-plugins-bad-0.10.23-25.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62970
    P
    		osc-0.168.2-3.15.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63151
    P
    		gnuplot-5.2.2-1.109 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:50124
    P
    		tomcat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64034
    P
    		Security update for djvulibre (Low)
    2020-12-01
    oval:org.opensuse.security:def:51490
    P
    		Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63669
    P
    		Security update for libjpeg-turbo (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64374
    P
    		libpulse-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49476
    P
    		libyaml-cpp0_6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:68647
    P
    		Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49339
    P
    		syslog-service on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49959
    P
    		libsaml-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49826
    P
    		crash on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:75082
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64949
    P
    		Security update for libvirt (Important)
    2020-12-01
    oval:org.opensuse.security:def:63879
    P
    		Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74965
    P
    		Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50152
    P
    		imobiledevice-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64045
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:65015
    P
    		Security update for gettext-runtime (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49379
    P
    		containerd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49983
    P
    		subversion-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49195
    P
    		libmp3lame0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49869
    P
    		libpmi0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49592
    P
    		perl-Tk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:65137
    P
    		Security update for helm-mirror (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50048
    P
    		apache2-mod_jk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64847
    P
    		Security update for ucode-intel (Important)
    2020-12-01
    oval:org.opensuse.security:def:75219
    P
    		Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63673
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51428
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:50197
    P
    		libopencv3_3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64265
    P
    		glibc-locale-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50079
    P
    		libvirglrenderer0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63816
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:50028
    P
    		qemu on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49234
    P
    		libsnmp30 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49633
    P
    		gnome-shell-search-provider-nautilus on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49435
    P
    		libexiv2-26 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50093
    P
    		qemu-audio-oss on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49916
    P
    		python-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74832
    P
    		Security update for salt (Critical)
    2020-12-01
    oval:org.opensuse.security:def:110956
    P
    		Security update for nasm (Moderate)
    2020-07-13
    oval:org.opensuse.security:def:110627
    P
    		Security update for nasm (Moderate)
    2020-07-13
    oval:org.opensuse.security:def:104313
    P
    		Security update for nasm (Moderate)
    2020-07-06
    oval:org.opensuse.security:def:97623
    P
    		Security update for nasm (Moderate)
    2020-07-06
    oval:org.opensuse.security:def:108216
    P
    		Security update for nasm (Moderate)
    2020-07-06
    oval:org.opensuse.security:def:90658
    P
    		Security update for nasm (Moderate)
    2020-07-06
    oval:org.opensuse.security:def:117730
    P
    		Security update for nasm (Moderate)
    2020-07-06
    oval:com.ubuntu.disco:def:2018165170000000
    V
    		CVE-2018-16517 on Ubuntu 19.04 (disco) - negligible.
    2018-09-06
    oval:com.ubuntu.bionic:def:201816517000
    V
    		CVE-2018-16517 on Ubuntu 18.04 LTS (bionic) - negligible.
    2018-09-06
    oval:com.ubuntu.cosmic:def:2018165170000000
    V
    		CVE-2018-16517 on Ubuntu 18.10 (cosmic) - negligible.
    2018-09-06
    oval:com.ubuntu.cosmic:def:201816517000
    V
    		CVE-2018-16517 on Ubuntu 18.10 (cosmic) - negligible.
    2018-09-06
    oval:com.ubuntu.bionic:def:2018165170000000
    V
    		CVE-2018-16517 on Ubuntu 18.04 LTS (bionic) - negligible.
    2018-09-06
    oval:com.ubuntu.trusty:def:201816517000
    V
    		CVE-2018-16517 on Ubuntu 14.04 LTS (trusty) - negligible.
    2018-09-06
    oval:com.ubuntu.xenial:def:2018165170000000
    V
    		CVE-2018-16517 on Ubuntu 16.04 LTS (xenial) - negligible.
    2018-09-06
    oval:com.ubuntu.xenial:def:201816517000
    V
    		CVE-2018-16517 on Ubuntu 16.04 LTS (xenial) - negligible.
    2018-09-06
    BACK
    nasm netwide assembler *
    nasm netwide assembler 2.14 rc15
    nasm netwide assembler 2.14.0 rc1
    nasm netwide assembler 2.14.0 rc10
    nasm netwide assembler 2.14.0 rc11
    nasm netwide assembler 2.14.0 rc12
    nasm netwide assembler 2.14.0 rc13
    nasm netwide assembler 2.14.0 rc14
    nasm netwide assembler 2.14.0 rc2
    nasm netwide assembler 2.14.0 rc3
    nasm netwide assembler 2.14.0 rc4
    nasm netwide assembler 2.14.0 rc5
    nasm netwide assembler 2.14.0 rc6
    nasm netwide assembler 2.14.0 rc7
    nasm netwide assembler 2.14.0 rc8
    nasm netwide assembler 2.14.0 rc9