
F-Secure Vulnerability Information:
NASM "ppscan()" Off-By-One Vulnerability

Report ID: SA30594
Source: Secunia
Date of Discovery: 11.06.2008
Criticality: Low
Affects:

NASM (Netwide Assembler) 0.x
NASM (Netwide Assembler) 2.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in NASM, which potentially can be exploited by malicious people to compromise a user's system.


Detailed Description

A vulnerability has been reported in NASM, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an off-by-one error in the "ppscan()" function in preproc.c. It can be exploited to overflow a stack-based buffer with a zero byte by tricking the user into assembling a specially crafted ASM file.

Successful exploitation may allow execution of arbitrary code.
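
The bug class described above, shown as an added C illustration (not NASM's preproc.c code and not part of the advisory): a token copy whose bound forgets the terminator, next to a checked version. All names, the 8-byte buffer size and the sample input are constructed; the guard byte stands in for whatever follows the buffer on the stack.

```c
/* Added illustration of the bug class; not NASM's preproc.c code.
 * All names, sizes and inputs are constructed for this example. */
#include <stdio.h>
#include <string.h>

#define TOK_MAX 8     /* buffer capacity, terminator included */
#define GUARD   0xAA  /* stands in for the stack byte after the buffer */

/* region[0..TOK_MAX-1] models the buffer, region[TOK_MAX] the adjacent byte.
 * One array holds both, so the stray write is observable without UB. */
struct frame { unsigned char region[TOK_MAX + 1]; };

static void frame_init(struct frame *f) {
    memset(f->region, 0, TOK_MAX);
    f->region[TOK_MAX] = GUARD;
}

/* Flawed: the loop admits TOK_MAX characters, so the terminator can land
 * at index TOK_MAX. Returns 1 if the guard byte was overwritten. */
static int copy_token_flawed(struct frame *f, const char *src) {
    size_t i = 0;
    while (i < TOK_MAX && src[i] != '\0' && src[i] != ' ') {
        f->region[i] = (unsigned char)src[i];
        i++;
    }
    f->region[i] = '\0';               /* i may equal TOK_MAX here */
    return f->region[TOK_MAX] != GUARD;
}

/* Hardened: keep one byte for the terminator and reject oversized tokens.
 * Returns 0 on success, -1 if the token does not fit. */
static int copy_token_checked(struct frame *f, const char *src) {
    size_t i = 0;
    while (src[i] != '\0' && src[i] != ' ') {
        if (i >= TOK_MAX - 1)
            return -1;
        f->region[i] = (unsigned char)src[i];
        i++;
    }
    f->region[i] = '\0';
    return 0;
}

int main(void) {
    struct frame f;
    frame_init(&f);
    printf("flawed:  guard clobbered = %d\n", copy_token_flawed(&f, "ABCDEFGH rest"));
    frame_init(&f);
    printf("checked: rc = %d\n", copy_token_checked(&f, "ABCDEFGH rest"));
    return 0;
}
```

Building real code with AddressSanitizer or a stack protector surfaces the same one-byte write during testing.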


Solution

Update to version 2.03.


CVE Reference

F-Secure Corporation