CVE-2017-10686

{"id": "CVE-2017-10686", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-29T23:29:00.287", "references": [{"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201903-19", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3694-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack."}, {"lang": "es", "value": "En Netwide Assembler (NASM) versi\u00f3n 2.14rc0, existen m\u00faltiples vulnerabilidades de acceso a la regi\u00f3n heap de la memoria previamente liberada en la herramienta nasm. La regi\u00f3n heap relacionada es asignada en la funci\u00f3n token() y se libera en la funci\u00f3n detoken() (llamada por pp_getline()); se usa de nuevo en varias posiciones m\u00e1s adelante, lo que podr\u00eda causar da\u00f1os m\u00faltiples. Por ejemplo, provoca una lista de doble enlace da\u00f1ada en detoken(), una doble liberaci\u00f3n o corrupci\u00f3n en delete_Token() y una escritura fuera de l\u00edmites en detoken(). Tiene una alta posibilidad de provocar un ataque de ejecuci\u00f3n de c\u00f3digo remota."}], "lastModified": "2019-03-28T05:29:00.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC75A3FA-6176-41ED-80B7-79D69671FF79"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}