CVE-2017-10686 -- nasmID: oval:org.secpod.oval:def:2000506 | Date: (C)2019-06-02 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
In Netwide Assembler 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken, a double free or corruption in delete_Token, and an out-of-bounds write in detoken. It has a high possibility to lead to a remote code execution attack.
Platform: |
Debian 8.x |
Debian 9.x |