CVE-2017-17818

{"id": "CVE-2017-17818", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-12-21T03:29:00.520", "references": [{"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3694-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3694-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c."}, {"lang": "es", "value": "En Netwide Assembler (NASM) 2.14rc0, existe una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) que podr\u00eda provocar un ataque de denegaci\u00f3n de servicio (DoS) remoto, relacionado con un bucle while en paste_tokens en asm/preproc.c."}], "lastModified": "2024-11-21T03:18:44.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC75A3FA-6176-41ED-80B7-79D69671FF79"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}