Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netwide Assembler tool nasm 安全漏洞
Vulnerability Description
Netwide Assembler (NASM)是一个基于Linux的汇编器,它能够创建二进制文件并编写引导加载程序。tool nasm是NASM的用户工具。 NASM 2.14rc0版本中的tool nasm存在释放后重用漏洞。远程攻击者可利用该漏洞可能执行代码。
CVSS Information
N/A
Vulnerability Type
N/A