CVE-2018-19755: Improper Input Validation

November 30, 2018 (updated December 21, 2018)

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

References

bugzilla.nasm.us/show_bug.cgi?id=3392528
nvd.nist.gov/vuln/detail/CVE-2018-19755
repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb

Detect and mitigate CVE-2018-19755 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →