| Vulnerability Name: | CVE-2019-6291 (CCN-155612) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2019-01-03 | ||||||||||||||||||||||||||||||||||||
| Published: | 2019-01-03 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2020-08-24 | ||||||||||||||||||||||||||||||||||||
| Summary: | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-674 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-6291 Source: CCN Type: Bugzilla Bug 3392549 Stack Exhaustion Problem Caused By the expr6 Function Making Recursive Calls to Itself Source: MISC Type: Exploit, Issue Tracking, Vendor Advisory https://bugzilla.nasm.us/show_bug.cgi?id=3392549 Source: XF Type: UNKNOWN nasm-cve20196291-dos(155612) Source: CCN Type: NASM Web site NASM | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||